I am unable to automatically renew the certificate on my web server.
I have been using something like this:
certbot certonly \
--agree-tos \
--renew-by-default \
--dns-cloudflare \
--dns-cloudflare-credentials /.cloudflare \
--cert-name example.com \
-d foo.example.com \
-d bar.example.com
This creates a random sequentially numbered directory with a new certificate inside, like example.com-004. My web server doesn't know where to find this, so I've built a symlink hack on top of it. It's not ideal.
It looks like certbot renew might be the answer here, but I can't get it to work. I have tried these:
certbot renew
certbot renew \
--cert-name example.com
certbot renew \
--agree-tos \
--cert-name example.com
cerrbot renew \
--agree-tos \
--renew-by-default \
--dns-cloudflare \
--dns-cloudflare-credentials /.cloudflare \
--cert-name example.com \
-d foo.example.com \
-d bar.example.com
All of the above will fail with the error:
Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future.
...or maybe it is succeeding?