Sometimes you need to move VPS’s, and you don’t want downtime with the SSL certs.

Well it turns out that you can easily run Let’s Encrypt in standalone mode and use DNS verification to do a once-off cert prior to moving the VPS. – Read the Certbot docs.

But once the migration has taken place, you may also want to return to the validation method that you had been using previously. Two options exist, either a) modify the config files by hand (strongly advised against) or to return to the certbot and get it to update the config itself.

For example here is how I generally get a SSL cert on a particular box:

certbot certonly --webroot -w=/var/www/letsencrypt -d [www.URL.com] -d [URL.com]

And here is how I update to the new config

sudo certbot certonly --cert-name [www.URL.com] --force-renewal -a webroot -w=/var/www/letsencrypt

Thanks to @schoen on this post: https://community.letsencrypt.org/t/how-to-change-certbot-verification-method/56735/3