Differences between requesting a new cert and a renewal

Can someone outline some of the high level differences between requesting/issuing a new cert and the renewal of an existing cert? Do they use roughly the same process, or are some steps skipped for the renewal (using the private key)?

Hi @seanieb,

Renewal really always means requesting a new certificate. There is no way to extend the validity of an existing certificate.

In Certbot, this detail is hidden from used because the renewed certificates are saved in the same place as the old certificate, from the point of view of software like a web server. Thus the user does not need to do anything to install the renewed certificate or to configure the software to use it.

Unless you use CSRs, there’s currently no way in Certbot to reuse the private key, although this is a commonly requested feature and we have a GitHub issue tracking the feature request.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.