Can't renew certificate (replace test cert)


#1

I’ve been testing a lot with the --test-cert flag.

I however now would like to actually get the real certificate. When I remove the --cert-flag the error shows up in the log:

2017-04-25 09:46:13,662:INFO:letsencrypt.cli:Cert not yet due for renewal

I’m wondering how I can replace the “test” certificate?


#2

That information from the log (not actually an error) probably will only be triggered if you are running certbot renew, right?

You might try certbot renew --force-renewal, but I’m not sure what will happen. It will probably just renew the certificate with a new test certificate, because in the renewal configuration the server option is set to the staging server and the account setting to a staging account.
If it did work, just be absolutely sure that --force-renewal isn’t added to your renewal configuration files in /etc/letsencrypt/renewal/!

My advice would be to remove the --test-cert flag before you run certbot renew: i.e., get a real certificate with the initial command you used to get the test certificate, but without the --test-cert flag.

After that, you can test renewal with certbot renew --dry-run.


#3

If you’re trying to do what @Osiris suggests and still seeing “Cert not yet due for renewal”, add --force-renew to your command line (just this one time to make it switch over, not always in the future!).


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.