Letsencrypt: error: unrecognized arguments: —-renew-by-default


I’m trying to manually renew the certificate, but everything I try returns with:

letsencrypt: error: unrecognized arguments: —-renew-by-default

I’ve tried the following:

./letsencrypt-auto certonly --webroot —-renew-by-default -w /var/www/example.com/public_html -d example.com -d www.example.com

./letsencrypt-auto certonly —-renew-by-default -w /var/www/example.com/public_html -d example.com -d www.example.com

./letsencrypt-auto certonly —-renew-by-default —-config cli.ini

…where /etc/letsencrypt/cli.ini has the following:

# This is an example of the kind of things you can do in a configuration file.
# All flags used by the client can be configured here. Run Let's Encrypt with
# "--help" to learn more about the available options.

# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096

# Uncomment and update to register with the specified e-mail address
# email = foo@example.com

# Uncomment and update to generate certificates for the specified
# domains.
  domains = example.com, www.example.com

# Uncomment to use a text interface instead of ncurses
# text = True

# Uncomment to use the standalone authenticator on port 443
# authenticator = standalone
# standalone-supported-challenges = tls-sni-01

# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
  authenticator = webroot
  webroot-path = /var/www/example.com/public_html

But I still get:

letsencrypt: error: unrecognized arguments: —-renew-by-default

Can anyone explain how to do this?


The first character here is an em dash instead of a regular minus character. Try --renew-by-default instead.



Sorry, I had copied and pasted it into TextEdit which changed the double hyphen to em dash. It is double hyphen in Terminal:

./letsencrypt-auto certonly --webroot --renew-by-default -w /var/www/example.com/public_html -d example.com -d www.example.com

./letsencrypt-auto certonly --renew-by-default -w /var/www/example.com/public_html -d example.com -d www.example.com

./letsencrypt-auto certonly --renew-by-default --config cli.ini


This is quite weird, the first command works for me. What does ./letsencrypt-auto --version return? Which OS/version are you using?


I’m using Ubuntu 12.04 and Apache 2.2. I understand that Let’s Encrypt’s Apache option doesn’t work for my version of Apache, hence I’m using webroot. Webroot option worked. I’m now trying to confirm that the renew will work before I try to automate this with a cron job.

I just installed letsencrypt a few days ago.

./letsencrypt-auto --version


letsencrypt 0.1.1


So, is there no way to manually renew the certificate?


The renew-by-default command should work properly. This will instantly renew the certificate no matter how many days are left in the current certificate’s valid period.


I still get the same error. What am I doing wrong?

Here is my latest try:

$ cd /opt/letsencrypt
$ ./letsencrypt-auto certonly --webroot —-renew-by-default -w /var/www/example.com/public_html -d example.com -d www.example.com
    Updating letsencrypt and virtual environment dependencies.....Requirement already up-to-date: pyopenssl in /home/curt/.local/share/letsencrypt/lib/python2.7/site-packages
    Requirement already up-to-date: ndg-httpsclient in /home/curt/.local/share/letsencrypt/lib/python2.7/site-packages
    Requirement already up-to-date: pyasn1 in /home/curt/.local/share/letsencrypt/lib/python2.7/site-packages
    Requirement already up-to-date: six>=1.5.2 in /home/curt/.local/share/letsencrypt/lib/python2.7/site-packages (from pyopenssl)
    Requirement already up-to-date: cryptography>=0.7 in /home/curt/.local/share/letsencrypt/lib/python2.7/site-packages (from pyopenssl)
    Requirement already up-to-date: idna>=2.0 in /home/curt/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->pyopenssl)
    Requirement already up-to-date: setuptools>=1.0 in /home/curt/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->pyopenssl)
    Requirement already up-to-date: enum34 in /home/curt/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->pyopenssl)
    Requirement already up-to-date: ipaddress in /home/curt/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->pyopenssl)
    Requirement already up-to-date: cffi>=1.4.1 in /home/curt/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->pyopenssl)
    Requirement already up-to-date: pycparser in /home/curt/.local/share/letsencrypt/lib/python2.7/site-packages (from cffi>=1.4.1->cryptography>=0.7->pyopenssl)
    Requesting root privileges to run with virtualenv: sudo /home/curt/.local/share/letsencrypt/bin/letsencrypt certonly --webroot —-renew-by-default -w /var/www/example.com/public_html -d example.com -d www.example.com
      letsencrypt [SUBCOMMAND] [options] [-d domain] [-d domain] ...

    The Let's Encrypt agent can obtain and install HTTPS/TLS/SSL certificates.  By
    default, it will attempt to use a webserver both for obtaining and installing
    the cert. Major SUBCOMMANDS are:

      (default) run        Obtain & install a cert in your current webserver
      certonly             Obtain cert, but do not install it (aka "auth")
      install              Install a previously obtained cert in a server
      revoke               Revoke a previously obtained certificate
      rollback             Rollback server configuration changes made during install
      config_changes       Show changes made to server config during installation
      plugins              Display information about installed plugins
    letsencrypt: error: unrecognized arguments: —-renew-by-default


You still have the m-dash in your command line… The fact the --webroot part is perfect and without any m-dash and the error at the bottom has the same m-dash in it’s error message tells me you should type the whole thing again, with your keyboard, no strange copy/pasting from silly programs who f*ck up your characters, but now without any strange dashes…


As had mentioned previously, it was double dash (or looked like double dash) in the terminal. Nevertheless, I retyped everything in and now it seems to be working. Thanks.

FYI: I tried copying --renew-by-default from the browser and pasted it into TextEdit first and then copied it and pasted it into terminal. The double dash pasted okay. I just found out how the m-dash gets created. When I type – into TextEdit, it gets converted to one m-dash. Then I manually type in a second dash and then copied and pasted both dashes into terminal. It looks like double dash in terminal, but it’s actually one m-dash and one dash.