The manual backup and restore instructions, as well as the “reinstall” instructions, mention nothing about the Let’s Encrypt SSL cert generated on setup.
You can’t (that I know of) generate an SSL cert on the new server unless the domain is pointing to it.
What’s the recommended approach for migrating the cert from one self-hosted instance to another? Copy the cert directory? Generate the cert as a “final step” after DNS is pointing to the new server?
For a Let’s Encrypt certificate, I’d honestly just point the DNS to the new server and generate a new one – that should be done in a couple of minutes.
If you’re using the new Docker setup with Caddy, Caddy would do that for you automatically.
Let’s Encrypt supports DNS challenge. With that, you can generate a certificate without even a server running behind it. Many Let’s Encrypt supported server supports DNS challenge, including Caddy (with a plugin). You can setup your new server, and generate a certificate with DNS challenge. Then you can safely change your main domain DNS record to point your new server.