I have a setup where certbot is being run, using a small bash script, inside of a Docker container. The script issues a certificate and sticks the files in a location (not using a mounted volume, but uploading them) and is scheduled to run using a cron job
The script issues the certificate using
certbot certonly \
–webroot-path ./challenges \
–email <some-email> \
All this works fine. That said, I need to figure out the proper way to handle renewals in this scenario. I’d like my cronjob to run twice per day, but since the content of the docker container is ephemeral, the next time it fires then the /etc/letsencrypt/ folder is no longer available, so it would think it is requesting the certificate again. At twice per day it would hit the Duplicate Certificate limit of 5 certificates per week, i.e I think I would not be counted towards the Renewal Exemption limit as described at https://letsencrypt.org/docs/rate-limits/
To make sure you can always renew your certificates when you need to, we have a Renewal Exemption to the Certificates per Registered Domain limit. Even if you’ve hit the limit for the week, you can still issue new certificates that count as renewals. An issuance request counts as a renewal if it contains the exact same set of hostnames as a previously issued certificate. This is the same definition used for the Duplicate Certificate limit described above. Renewals are still subject to the Duplicate Certificate limit. Also note: the order of renewals and new issuances matters. To get the maximum possible number of certificates, you must perform all new issuances before renewals during a given time window.
I’m basing this on the fact that I do not have the /etc/letsencrypt/renewal/ folder available when I run it. Is there a way (command line option etc?) that let me run the above command (but modified) twice per day and it would only send me the cert files if they’re due for renewal?
I hade a look at https://certbot.eff.org/docs/using.html#certbot-command-line-options but couldn’t find anything