Further automating certification-creation command

I use Ubuntu 16.04 with Nginx and I create a certificate for WordPress sites with the following command:

certbot --nginx -d ${domain} -d www.${domain}

Certs were created and app confs changed successfully by Certbot.

When I ran the command and made these changes, I was asked some questions in the interactive mode (for example, a question about redirections), questions that I would generally prefer not to be asked (besides filling in my email address), as I would just want to go with the defaults.

Is there any way to further automate the above command, so that the only question I would be asked in interactive mode is my email?

For renewal (i.e., running certbot renew) of your existing certificates, those questions are stored in a renewal configuration file.
If you'd like to enter that info for new certificates, most if not all of them are available as options. Run certbot --help to see all commands and options.


Indeed, all of the questions should have corresponding options there (if you ever get asked one that doesn't, that's a bug in Certbot). There is also a flag --noninteractive to refrain from asking any questions and use defaults, but the command-line options exist in case you want to make explicit decisions. For example, there are --redirect and --no-redirect for the question @benqzq mentioned.

As @Osiris said, certbot renew (for renewing existing Certbot-managed certificates) is inherently non-interactive. In fact, if you have certificates that were obtained with an inherently interactive method like --manual, certbot renew will simply skip renewing them entirely, rather than stopping to ask you any questions.

I have yet to test this, but if a user adds the flag --noninteractive and the command becomes:

certbot --nginx -d ${domain} -d www.${domain} --noninteractive

Where does the email get set?

(or it asks nothing but the email?)

If you’ve already created an account (which is stored in /etc/letsencrypt/accounts), it will use that account, which has an e-mail address associated with it on the server side. The account registration can be performed manually with register, but it normally occurs automatically as the first step on the first Certbot run that results in attempting to request a certificate, whether or not the certificate was actually successfully issued.

If you’ve never run Certbot before on this machine and don’t have an account in /etc/letsencrypt/accounts, it will fail because the account registration is required. (It would also fail for lack of --agree-tos.)

Normally you don’t have to explicitly specify an e-mail address or associated options when running Certbot after the first time, for the same reason.


Great to know, thanks!
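
The flags discussed in the replies above, combined into one wrapper as an added example (not part of the thread and not Certbot's own code): it passes the email and --agree-tos only when no account exists under /etc/letsencrypt/accounts, so later runs ask nothing. The function names, the CERTBOT and REDIRECT_FLAG variables, the input checks and the choice of --redirect are assumptions of this example.

```shell
#!/bin/sh
# Added example: prompt-free wrapper around the certbot command from the thread.
ACCOUNTS_DIR="${ACCOUNTS_DIR:-/etc/letsencrypt/accounts}"  # account path named in the thread
CERTBOT="${CERTBOT:-certbot}"                # assumption: CERTBOT=echo gives a dry run
REDIRECT_FLAG="${REDIRECT_FLAG:---redirect}" # explicit answer; use --no-redirect to decline

# True when at least one account file exists, i.e. Certbot has registered before.
has_account() {
    [ -d "$ACCOUNTS_DIR" ] &&
        [ -n "$(find "$ACCOUNTS_DIR" -type f 2>/dev/null | head -n 1)" ]
}

# Accept only plain hostnames so a value can never be parsed as a certbot option.
valid_domain() {
    case "$1" in
        ''|-*|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# usage: issue_cert DOMAIN [EMAIL]
# (domain and email are plain globals because POSIX sh has no "local")
issue_cert() {
    domain="$1"; email="${2:-}"
    valid_domain "$domain" || { echo "invalid domain: $domain" >&2; return 2; }
    set -- --nginx --noninteractive "$REDIRECT_FLAG" -d "$domain" -d "www.$domain"
    if ! has_account; then
        # First run on this machine: registration needs an address and --agree-tos.
        case "$email" in
            -*|*[!A-Za-z0-9@._+-]*) echo "invalid email" >&2; return 3 ;;
            ?*@?*) set -- "$@" --agree-tos -m "$email" ;;
            *) echo "no account in $ACCOUNTS_DIR: email required" >&2; return 3 ;;
        esac
    fi
    "$CERTBOT" "$@"
}

# Run only when called with arguments, e.g.: ./issue.sh example.com admin@example.com
if [ "$#" -gt 0 ]; then issue_cert "$@"; fi
```

Running it with CERTBOT=echo prints the argument list that would be passed, which is a quick way to review the command before it touches the Nginx configuration.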
