The --standalone
method is mainly intended for people who are not running a web server on the computer where they obtain the certificate (for example, if they intend to use it for an e-mail server or some other kind of service). If there’s a tutorial out there suggesting using it for some other reason, it’s almost certainly giving bad advance.
Certbot remembers what authentication method you used when you obtained the certificate, and uses that method again if you run certbot renew
. So if you got your certificate with --standalone
, it will also be used for renewal.
You can change the authentication method by running certbot certonly --force-renew --cert-name your-certificate-name
(filling in the appropriate name in place of your-certificate-name
, as listed in the output of certbot certificates
), plus the authentication option(s) that you want to use, plus -d
flags for each domain name that the certificate should cover. For example, if you wanted to use --apache
instead, you could run
certbot certonly --force-renew --apache --cert-name your-certificate-name -d example.org -d www.example.org -w othersubdomain.example.org
Usually --apache
and --nginx
are best for people who are running those servers, and --webroot
for people who are running a different web server, or who can’t get --apache
or --nginx
to configure their servers appropriately. (Until recently, --webroot
was recommended for all Nginx users, but now we suggest trying --nginx
instead.)