I'm trying to replace a different client with certbot and run certbot in certonly mode as an unprivileged user and as part of another script. Unfortunately I've got a range of issues with the --fullchain-path, --chain-path and --cert-path flags.
The help page says the default is "None", which I'd interpret as "if not specified no file is generated":
--cert-path CERT_PATH
Path to where certificate is saved (with auth --csr),
installed from, or revoked. (default: None)
--fullchain-path FULLCHAIN_PATH
Accompanying path to a full certificate chain
(certificate plus chain). (default: None)
--chain-path CHAIN_PATH
Accompanying path to a certificate chain. (default:
None)
However, I get 3 files when not specifying any or only a subset of the options:
0000_cert.pem 0000_chain.pem 0001_chain.pem
If I specify any of them I run into another potential issue: Certbot will never overwrite the files if they exist and exits with an error.
Am I missing a certbot flag here? It seems odd that this isn't working at all; in most cases I only need either the cert-path and maybe the chain or the fullchain file, but I hardly ever need all three of them.
The full command I'm currently testing with:
certbot certonly --register-unsafely-without-email --agree-tos --cert-path /opt/letsencrypt/certificate.pem --csr /opt/letsencrypt/certs/test.csr --key-path /opt/letsencrypt/account_key.pem --preferred-challenges http --webroot --webroot-path /var/wwwACME/ --work-dir /opt/letsencrypt/workdir --config-dir /opt/letsencrypt/config --logs-dir /opt/letsencrypt/logs --staging
Thank you very much
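
One way to script around the two behaviours described in the post, as an added example that is not part of the original post and not certbot's own code: let certbot write all three files into a fresh scratch directory, then rename only the wanted ones over the existing files. The function name `issue_from_csr`, the `CERTBOT` variable and the output file names are assumptions; any extra arguments are passed to certbot unchanged.

```shell
#!/bin/sh
# Added example, not certbot's or the poster's code. CERTBOT, issue_from_csr
# and the output file names (cert.pem, chain.pem, fullchain.pem) are assumptions.
CERTBOT="${CERTBOT:-certbot}"

# issue_from_csr CSR DEST_DIR "WANTED" [extra certbot args...]
# WANTED is a space-separated subset of: cert chain fullchain
issue_from_csr() {
    csr=$1; dest=$2; wanted=$3; shift 3

    # Reject unknown names before contacting the CA.
    for name in $wanted; do
        case $name in
            cert|chain|fullchain) ;;
            *) echo "unknown output: $name" >&2; return 2 ;;
        esac
    done

    # Fresh scratch directory inside DEST_DIR: the three paths never exist
    # yet, and the later mv is a rename on the same filesystem.
    scratch=$(mktemp -d "$dest/.issue.XXXXXX") || return 1

    # Name all three outputs so nothing lands in the current directory.
    if ! "$CERTBOT" certonly --csr "$csr" \
            --cert-path "$scratch/cert.pem" \
            --chain-path "$scratch/chain.pem" \
            --fullchain-path "$scratch/fullchain.pem" \
            "$@"; then
        rm -rf "$scratch"
        return 1
    fi

    # Never replace a working file with a missing or empty one.
    for name in $wanted; do
        [ -s "$scratch/$name.pem" ] || { rm -rf "$scratch"; return 3; }
    done
    for name in $wanted; do
        mv -f "$scratch/$name.pem" "$dest/$name.pem" || { rm -rf "$scratch"; return 4; }
    done

    rm -rf "$scratch"   # drops the outputs that were not requested
}
```

A failed run leaves the previously installed files untouched, because nothing in DEST_DIR is replaced until certbot has exited successfully and every requested file is non-empty.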