Topic: Restoring/Rebuilding server after lightning strike

[Peasant]

Hello everyone,

We had some cracking thunderstorms last weekend, and my server running SME has been making funny noises since (although it still appears to be working). I decided to move it all to a new server, and just wanted to check that I had covered everything in planning the move.
I have a base install of SME 9.2 with the Letsencrypt and email Whitelist/Blacklist control contribs. I use the built in backup with DAR for backups. The process I was going to go through is as follows:

1. Update fully the current server
2. Run workstation backup on the current server
3. Install SME 9.2 on the new server
4. Fully update SME on the new server
5. Restore from the Workstation backup

I am assuming that I will need to reinstall both the contribs. Email Whitelist/blacklist seems straightforward enough, but I'm not so sure about Letsencrypt, as  I already have the certificates registered. Do I need to back up something else on the old server for moving to the new one?

Thanks in anticipation

[mmccarn]

If you are using smeserver-letsencrypt and dehydrated as described in the Letsencrypt wiki page the settings are contained completely in the configuration database and will be included in the backup/restore.

On my network LetsEncrypt seems to be happy to give me certificates for the same hostnames on different machines using different accounts, so I doubt that you need to transfer the actual account settings from the old SME to the new. 

You should be OK doing the restore, setting the new system to the same IP as the old one, and telling dehydrated to get you some new certificates.

[Jean-Philippe Pialasse]

lets' encrypt: the setting are in the e-smith config db but not the certificates

you might be better to also backup restore /etc/dehydrated, or you might get a failing httpd service missing its certs.

[Peasant]

lets' encrypt: the setting are in the e-smith config db but not the certificates

you might be better to also backup restore /etc/dehydrated, or you might get a failing httpd service missing its certs.

Thanks. I found this out the hard way My first attempt failed because of this.

Can I just check that I've got the syntax right for adding a template fragment to DAR. Using the example on the Backup with dar wiki page, because I only need to include etc/dehydrated, then the code I need in 41go-into is:

Code: [Select]

--include etc/dehydratedI then expand the template with

Code: [Select]

expand-template /etc/dar/DailyBackup.dcf
I wonder if I would have been OK first time if I had installed and configured Letsencrypt before restoring from my backup? That way there would have been certificates for httpd to find? Or do I have to backup /etc/dehydrated anyway?

Anyway, this time I mean to:

• Install, and update SME
• Install and configure both contribs (letsencrypt and whitelist/blacklist)
• Restore from backup

Last time I restored from backup before installing the contribs, which is where I thought I'd gone wrong (my excuse is I was about to go on holiday, so time was pushing).

[janet]

Pea

AFAIK the recommended correct order is
(Refer to the Backup server config Howto)

Install, and update SME
Restore from backup
Install contribs,
 configuration should not be necessary as the contrib uses the restored config data

As mentioned the letsencrypt data will need to be BOTH  backed up & restored.

[Peasant]

Thanks Janet. Will report back once I've found the time to have another go.

[kruhm]

You can always pull an old drive and put it in new hardware.

Then raid mirror newer/faster/larger drive.

Once raided, ditch the old drive and replace with another matching newer/faster/larger drive.