My domain is: staging.pricingmonkey.com
I ran this command:
certbot renew --cert-name staging.pricingmonkey.com --must-staple --force-renewal
It produced this output: n/a
My web server is (include version): n/a (certificate was obtained with certonly and uses a dns challenge)
The operating system my web server runs on is (include version): ubuntu 20.04
My hosting provider, if applicable, is: n/a
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0
I have some existing certificates and I want to add the the OCSP Must Staple extension to them. I tried with the command above, and it completed with no errors: the certificate was renewed successfully, and must_staple = True was added to the renewal config. But when I checked the certificate afterwards (with openssl x509 -text), the certificate did not have the OCSP Must Staple flag. Interestingly, this worked fine when I tried the same with a staging certificate: after renewal the certificate had the flag as expected.
Thanks,
Max
