Certbot renewing a CSR-based cert when it is not expiring


#1

I am generating a certificate (successfully) by using a CSR, receiving three files (0001_cert.pem, 0001_chain.pem and 0002_chain.pem). Then, I try to schedule the renewal check with the following command:

certbot-auto certonly -t --debug --keep --apache --csr ./csr.der

However, even if I have “--keep”, whenever I run the command I get a new group of certificates in new files (0002_cert.pem, 0003_chain.pem and 0004_chain.pem), even if the old ones are not about to expire (in fact I created them just a few minutes before). What am I doing wrong?

(I need a CSR-based certificate, with a fixed private key, to use it with DANE)


#2

Certbot does not support “renewal” for CSR-based requests at all (every CSR-based request is always treated as completely independent from every other); by coincidence this was just discussed in

We definitely need to find a way to make this clearer to users!
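
Because every CSR-based request is treated as independent, the expiry check has to happen outside Certbot. One way to do that, as an added example that is not part of the original thread or of Certbot itself: a wrapper that calls the client only when the current certificate is inside an assumed 30-day window. The function names, the `cert.pem`/`chain.pem`/`fullchain.pem` file names and the cron paths are assumptions.

```shell
#!/bin/sh
# Added example: reissue a CSR-based certificate only when it is near expiry.
CERTBOT="${CERTBOT:-certbot-auto}"   # client name as used in the post
RENEW_DAYS="${RENEW_DAYS:-30}"       # assumed renewal window, in days

# needs_renewal CERT [DAYS]: exit 0 if CERT is missing, unreadable or
# expires within DAYS days; exit 1 if it stays valid beyond that window.
needs_renewal() {
    cert="$1"; days="${2:-$RENEW_DAYS}"
    [ -s "$cert" ] || return 0
    # -checkend N exits 0 only if the cert is still valid N seconds from now
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" \
            >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# renew_if_needed CSR CERT_DIR: request a new certificate from the same CSR
# (and therefore the same private key) only when the current one is due.
renew_if_needed() {
    csr="$1"; dir="$2"
    if ! needs_renewal "$dir/cert.pem"; then
        echo "certificate valid for more than $RENEW_DAYS days; nothing to do"
        return 0
    fi
    tmp="$(mktemp -d)" || return 1
    rc=1
    # Explicit output paths in a fresh directory: no numbered 0001_cert.pem /
    # 0002_chain.pem files pile up, and live files change only on success.
    if "$CERTBOT" certonly -t --apache --csr "$csr" \
            --cert-path "$tmp/cert.pem" \
            --chain-path "$tmp/chain.pem" \
            --fullchain-path "$tmp/fullchain.pem"; then
        mv "$tmp/cert.pem" "$tmp/chain.pem" "$tmp/fullchain.pem" "$dir/" && rc=0
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Runs only when given arguments, e.g. from cron (paths are placeholders):
#   renew-csr.sh /etc/ssl/dane/csr.der /etc/ssl/dane
if [ "$#" -ge 2 ]; then renew_if_needed "$1" "$2"; fi
```

Reload the web server after a successful run so it picks up the new files.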


#3

Thanks for pointing me at the other thread (the subject wasn’t clear). I joined the other discussion.

