Can't renew certificate (replace test cert)


I’ve been testing a lot with the --test-cert flag.

I however now would like to actually get the real certificate. When I remove the --cert-flag the error shows up in the log:

2017-04-25 09:46:13,662:INFO:letsencrypt.cli:Cert not yet due for renewal

I’m wondering how I can replace the “test” certificate?


That information from the log (not actually an error) probably will only be triggered if you are running certbot renew, right?

You might try certbot renew --force-renewal, but I’m not sure what will happen. It will probably just renew the certificate with a new test certificate, because in the renewal configuration the server option is set to the staging server and the account setting to a staging account.
If it did work, just be absolutely sure that --force-renewal isn’t added to your renewal configuration files in /etc/letsencrypt/renewal/!

My advice would be to remove the --test-cert flag before you run certbot renew: i.e., get a real certificate with the initial command you used to get the test certificate, but without the --test-cert flag.

After that, you can test renewal with certbot renew --dry-run.


If you’re trying to do what @Osiris suggests and still seeing “Cert not yet due for renewal”, add --force-renew to your command line (just this one time to make it switch over, not always in the future!).


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.