First of all, thanks for the service - it is Really Something !
Expand type renewals seem to be broken for me on my server since the recent release.
I have tried the --force-renewal ‘trick’ I saw someone else mentioned a while back, but that doesn’t seem to work either. certbot-auto detects the changes, asks me to Expand or Cancel, I click Expand but the standalone server challenges are only checking the domains from the existing cert, and it delivers me a success result but the new domains are not present. If I rerun the exact same command a few seconds later, I get the exact same results.
When I try to send a new cert request with the same domains in the existing cert (no changes) the certbot detects this and exits without regenerating.
Here’s my config /etc/letsencrypt/cli.ini:
rsa-key-size = 4096 email = email@example.com authenticator = standalone pre-hook = service httpd stop post-hook = service httpd start agree-tos = True force-renewal = True expand = True
certbot-auto certonly -n --config /etc/letsencrypt/cli.ini --domains app1.example.com,app2.example.com,app3.example.com
What am I missing? Is there a new setting?