Disable auto renew for a specific domain

#1

Hi, I use certbot on my webserver to obtain SSL certificates for my websites.
There are some domains though that usually do not point to the public IP but to internal IP and I change the DNS record when the certificates are going to expire, unfortunately my DNS provider do not support the DNS plugin.

I’d like to disable the auto renew only for those domains, letting it enables for the others domains.

I tryed to add “autorenew = False” to the “[renewalparams]” section in /etc/letsencrypt/renewal/domain.conf but when I run “certbot renew” nothing seems to change: the program try to renew the certificate failing the challenge.

I don’t want to remove the conf file because when I’ll change the DNS records and update manually that certificate, the file will be created again.

Thanks for your help,
Giulio

#2

One strategy could be to set those certificates to:

[renewalparams]
renew_before_expiry = 1 day

This defaults to 30, meaning start renewing 30 days before the certificate expires.

Presumably you would have renewed them by the time expiry-1 day rolls around.

#3

Thanks, that’s a good suggestion! Basing on your comment, I tryed to put a negative date and it worked fine!