Certbot add domains to existing certificate in batch mode

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

Hi all, this is my first post. Hope I will find help here.

My domain is: some of these in the command

I ran this command:

certbot --expand certonly --expand --allow-subset-of-names --standalone --cert-name others.com -m topcaisse@top-s
ecured.com -d pizzarella.fr -d www.pizzarella.fr -d alliancepizza.fr -d www.alliancepizza.fr -d naisbeaute.com -d w
ww.naisbeaute.com -d linstituttinctorialetzen.fr -d www.linstituttinctorialetzen.fr -d institut-calypso.fr -d www.i
nstitut-calypso.fr -d cindybeauty.fr -d www.cindybeauty.fr -d toto.mensys.fr

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None

You are updating certificate others.com to include new domain(s):

You are also removing previously included domain(s):

Did you intend to make this change?

(U)pdate cert/©ancel:

My web server is (include version): Squid Cache: Version 4.0.23

The operating system my web server runs on is (include version): Fedora release 27 (Twenty Seven)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.27.1

The question:
Because there is no plugin for squid, and there is no way to run certbot in standalone on different ports than 80 and 443 used by squid in production, I am forced to stop squid to add domains, and this should be only by night, in a crontab script.

How to avoid any question in batch mode ?

I set in the command --expand. Why should I answer If I want to Update?


Hi @PatSSL

there is another option ( User Guide — Certbot 1.21.0 documentation ):


Perhaps add this option.

Squid looks very flexible. Isn't it possible to create an exception to /.well-known/acme-challenge and use that?

Or to redirect that directory to another server / instance?

So you could use http-01 validation with the webroot-option.

Hi JurgenAuer,
First I want to thanks you because the --non-interactive is doing exactly what I was looking for.

On 2nd remark about squid, I tried to find what you call http-01 validation mode in the documention, and it is not so clear for me.

I am using Squid as a load-balancer/proxy-cache on few servers and I do know how to redirect URLs on URL content.

But still not clear how webroot will work.

Where could I find some explanations?



I don't know if Squid allows such things.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.