Multiple domain renewal config file


Hi, in looking through the documentation, it seems that the recommend location for the certbot configuration file is /etc/letsencrypt/cli.ini. It also seems as though when renewing, one must remove the domains section of the configuration file since the renew command impacts all of the installed domains. The cli.ini seems to be a single global configuration file, maybe the logic is that it shouldn’t be representing any single domain?

However, how would you set up auto-renew for a server that has multiple different domains at different webroots? If the renew command affects all domains on the server, but the cli.ini only allows a single webroot-path, how would you tell domain to renew using one webroot and to use a different webroot?


All the configuration options for lineages (and thus certificates) are stored in /etc/letsencrypt/renew/.

Unfortunately, cli.ini has preference above the settings in /renew/. IMHO, this is a bug: renew configuration options should have preference above the defaults of cli.ini

The best option for now is to save only the most important things in cli.ini (your e-mail, the account used), but not the domain(s)/webroot parts. Once specified on the command line to get your certificate, those latter variables will be stored in the renewal config.

How to disable auto renew for a domain?


Thank you. Good to know. I’ll start using that directory to make my domain-specific settings.


The renewal configs are automatically generated, the only thing is that you should “clean” your cli.ini from interfering settings.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.