Force new DNS validation


I am writing a DNS-Update script that should be called from certbot and therefore have to do some testing. It seems that after a valid request of a cert I can renew this without a new DNS validation. Even deleting the cert doesn’t start a new DNS validation. I have tried --force-renew and am always using --test-cert, but with no success.

What will I have to do to start over and force a new DNS validation?

Thanks in advance.

If you use a recent version of Certbot, --dry-run will automatically deactivate any existing valid authorisations, ensuring that a fresh challenge is performed every time.

Using certbot-auto might be a good choice to test with, since it’s always up to date.

I am already using the --dry-run param, certbot then tells me that renewal is simulated, but no DNS validation is executed. certbot immediately exits after the renewal.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert not due for renewal, but simulating renewal for dry run
Renewing an existing certificate


  • The dry run was successful.

What version of Certbot? The dry-run deactivation logic only got added in 0.40.

Like I said, try testing with certbot-auto to guarantee the latest version.

Oh, my certbot seems to be quite old. It’s v0.31.
