Renew but don't generate new certificate

I have been using certbot for a while but I am facing a challenge that needs to be tackled. I want the auto-renew mechanism to work as it does after every 90 days but I don’t want a new certificate.
Is there a way to use the old certificate and keys and renew their age only without generating new cert or credentials?

I have to add these keys to another server every 90 days and on more customer usage, it will become difficult for my small team to do it themselves.

Please help. Thanks.

1 Like

Renewing is generating a new certificate. It doesn't have to generate a new private key (there's a command-line option for that behavior), but the certificate itself will also be new.

The correct answer is to automate this process.

2 Likes

Thanks for the quick response.

Automation is difficult if I have to add this certificate inside a Docker image for running a web service on the server with HTTPS. For that I need to renew and then add the certificate in my Dockerfile after every 3 months and update the image.

I was thinking if on renewal I could get the same certificate and keys so that I don’t have to add them again and again. Is there a way around it?

1 Like

A “renewal” has to be a different certificate–once issued, a certificate can’t be changed. Really, there’s no such thing as “renewing” a certificate; the process that’s called renewal is simply issuing a new, identical cert with different dates. The private key doesn’t have to change (though I think it does by default with certbot), but the certificate does. This can’t be avoided regardless of which CA you use. But if you’re manually deploying the cert to wherever it’s used, you really aren’t using Let’s Encrypt as it’s intended to be used. Though I’m sure your Docker process could be automated.

2 Likes
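One way to automate the deployment the replies above recommend, as an added example that is not from the thread or from the certbot project: a deploy hook that copies each renewed certificate into a host directory bind-mounted into the container, so the image never has to be rebuilt. Mounting instead of baking the certificate into the image, the names `CERT_DEST` and `CERT_CONTAINER`, and a web server that reloads on SIGHUP are assumptions; `RENEWED_LINEAGE` is set by certbot when it runs deploy hooks.

```shell
#!/bin/sh
# Added example: save as /etc/letsencrypt/renewal-hooks/deploy/publish-cert.sh
# (certbot runs executables in that directory after each successful renewal).

# publish_cert LINEAGE_DIR DEST_DIR
# Returns 0 = new files installed, 2 = already current, 1 = error.
publish_cert() {
    lineage=$1   # e.g. /etc/letsencrypt/live/<name>, as passed by certbot
    dest=$2      # host directory mounted read-only into the container
    for f in fullchain.pem privkey.pem; do
        [ -s "$lineage/$f" ] || { echo "missing $lineage/$f" >&2; return 1; }
    done
    mkdir -p "$dest" || return 1

    # Skip the copy (and the reload) when the deployed pair is already current.
    if cmp -s "$lineage/fullchain.pem" "$dest/fullchain.pem" &&
       cmp -s "$lineage/privkey.pem" "$dest/privkey.pem"; then
        return 2
    fi

    # Copy under a restrictive umask so the key is never world-readable, then
    # rename into place: rename is atomic, so the server never reads a
    # half-written file. cp follows the symlinks that live/ contains.
    ( umask 077
      for f in fullchain.pem privkey.pem; do
          cp "$lineage/$f" "$dest/.$f.new" || exit 1
      done ) || return 1
    chmod 600 "$dest/.privkey.pem.new" || return 1
    chmod 644 "$dest/.fullchain.pem.new" || return 1
    mv -f "$dest/.privkey.pem.new" "$dest/privkey.pem" &&
        mv -f "$dest/.fullchain.pem.new" "$dest/fullchain.pem"
}

# Hook entry point: only runs when certbot has set RENEWED_LINEAGE.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    rc=0
    publish_cert "$RENEWED_LINEAGE" "${CERT_DEST:-/srv/certs}" || rc=$?
    case $rc in
        0)  # Assumption: the container's main process reloads on SIGHUP.
            if [ -n "${CERT_CONTAINER:-}" ]; then
                docker kill --signal=HUP "$CERT_CONTAINER"
            fi ;;
        2)  : ;;        # nothing changed, nothing to reload
        *)  exit 1 ;;
    esac
fi
```

If the other server depends on the key staying the same, certbot's `--reuse-key` option keeps the private key across renewals; the certificate itself still changes each time, so the copy step is needed either way.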
