Problem renewing cert

@schoen I was just reading through the certbot help and got a bit confused because according to the help the command is

sudo certbot renew --cert-name api-stage.example.com --force-renewal -a webroot -w /var/www/wherever/the/webroot/is

...but I ran the command successfully using 'sudo certbot certonly...'.

Do the certonly and renew options have the same effect? Which is the syntax to use?

The distinction is about whether the process is meant to run unattended or not and whether it acts on multiple certificates.

certbot renew acts on every certificate that you have installed via Certbot, although it only attempts to renew those that are 30 days or less from expiry. It is mainly meant to be run unattended from cron. It’s not willing to stop to ask the user any questions.

certbot certonly obtains one individual certificate, which may be a renewal of an existing certificate. It can be run interactively and will ask you questions if it needs more information.

Providing -a webroot -w /var/www/wherever/the/webroot/is with renew (or other authenticator options of any kind) is generally very inadvisable because it will update all of your certificates with authentication information meant to apply to only one of them. But if I remember correctly, a special case was added to certbot renew so that it will act only on a single certificate if --cert-name is provided, so that shouldn’t have caused any harm if my memory serves.

Still, the intended distinction is that certbot certonly is for obtaining a single certificate right now, while certbot renew is intended for unattended renewal checking for every certificate on the system.
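An added example, not part of the original thread and not Certbot's own code: because `certbot renew` reuses whatever authenticator settings are stored for each certificate, this script summarises those stored settings per lineage and lists webroot paths that more than one lineage points at, so they can be reviewed. It assumes Certbot's usual renewal configuration layout (`/etc/letsencrypt/renewal/*.conf` with a `[renewalparams]` section and a nested `[[webroot_map]]`); the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit what each Certbot lineage has stored for unattended renewal.
# Function names are hypothetical; the directory default is Certbot's usual layout.

# Print "lineage<TAB>authenticator<TAB>domain=webroot,..." for every *.conf.
renewal_summary() {
    local dir="${1:-/etc/letsencrypt/renewal}" conf
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        awk -v name="$(basename "$conf" .conf)" '
            /^[ \t]*#/  { next }                       # comment line
            /^[ \t]*\[/ { section = $0                 # [renewalparams], [[webroot_map]]
                          gsub(/\[|\]|[ \t]/, "", section); next }
            {
                eq = index($0, "="); if (!eq) next
                key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (section == "renewalparams" && key == "authenticator") auth = val
                if (section == "webroot_map") map = (map ? map "," : "") key "=" val
            }
            END { printf "%s\t%s\t%s\n", name, (auth ? auth : "-"), (map ? map : "-") }
        ' "$conf"
    done
}

# List webroot paths used by more than one lineage. Sharing can be legitimate,
# but it is also what results if one -w value is stored for every certificate.
shared_webroots() {
    renewal_summary "$1" | awk -F'\t' '
        $3 != "-" {
            n = split($3, pairs, ",")
            for (i = 1; i <= n; i++) {
                path = substr(pairs[i], index(pairs[i], "=") + 1)
                if (!seen[$1, path]++) count[path]++   # count each lineage once
            }
        }
        END { for (p in count) if (count[p] > 1) print p }
    ' | sort
}
```

Source the file and call `renewal_summary` or `shared_webroots` with no argument to read the default directory (reading it normally requires root), or pass a copy of the directory as the first argument.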
