Renew certbot: error: unrecognized arguments:

I have the script below running as a container within docker compose using the image certbot/certbot

All goes well with the initial certificate issuance, but the script is giving an error on the line

certbot renew -v -n "$OPT_TEST_CERT" "$OPT_DRY_RUN"

However if I open a shell on the container and run the command it works ($OPT_DRY_RUN was not set)

/opt/certbot # certbot renew -n --test-cert
Saving debug log to /var/log/letsencrypt/letsencrypt.log

---

Processing /etc/letsencrypt/renewal/test.growler.co.za.conf

---

Certificate not yet due for renewal

---

The following certificates are not due for renewal yet:
/etc/letsencrypt/live/test.growler.co.za/fullchain.pem expires on 2025-06-20 (skipped)
No renewals were attempted.

---

The error output that I see is as follows:

certbot-1 | Sat Mar 22 10:10:02 UTC 2025: Starting certificate renewal process ... OPT_TEST_CERT=--test-cert, OPT_DRY_RUN=
certbot-1 | Sat Mar 22 10:10:02 UTC 2025: > certbot renew -v -n --test-cert
certbot-1 | usage:
certbot-1 | certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
certbot-1 |
certbot-1 | Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
certbot-1 | it will attempt to use a webserver both for obtaining and installing the
certbot-1 | certificate.
certbot-1 | certbot: error: unrecognized arguments:

#!/bin/sh

trap exit TERM

OPT_TEST_CERT="--test-cert"
# OPT_DRY_RUN="--dry-run"
OPT_DRY_RUN=""
[ ! "$DRY_RUN" = "true" ] && OPT_DRY_RUN=""

rm -f /var/www/certbot/.certbot-started

echo "$(date): certbot container started ... OPT_TEST_CERT=$OPT_TEST_CERT, OPT_DRY_RUN=$OPT_DRY_RUN"

# Check if certificates exist
if ! certbot certificates | grep "Certificate Name: test.growler.co.za"; then
    GROWLER_WEBROOT="/var/www/certbot/test.growler.co.za"
    [ ! -d "$GROWLER_WEBROOT" ] && mkdir -p "$GROWLER_WEBROOT"
    echo "$(date): Initial certificate acquisition for test.growler.co.za"
    certbot certonly --webroot -v -w "$GROWLER_WEBROOT" -d test.growler.co.za --email admin@growler.co.za -n --agree-tos --no-eff-email "$OPT_TEST_CERT"
fi

touch /var/www/certbot/.certbot-started

while :; do
    echo "$(date): Starting certificate renewal process ... OPT_TEST_CERT=$OPT_TEST_CERT, OPT_DRY_RUN=$OPT_DRY_RUN"
    echo "$(date): > certbot renew -v -n $OPT_TEST_CERT $OPT_DRY_RUN"
    certbot renew -v -n "$OPT_TEST_CERT" "$OPT_DRY_RUN"
    sleep 12h
done

Hi @crowne!

When "$OPT_DRY_RUN" is an empty string, it still gets passed as an argument to certbot, which ends up looking like this:

certbot renew -v -n --test-cert ""

You need to update your script so that if no dry run is happening, it doesn’t pass any argument to certbot.

Thanks @os11k !

I've updated my script as follows, and it's now working without complaining.

#!/bin/sh

trap exit TERM

OPT_TEST_CERT="--test-cert"
# OPT_DRY_RUN="--dry-run"
OPT_DRY_RUN=""
[ ! "$DRY_RUN" = "true" ] && OPT_DRY_RUN=""

rm -f /var/www/certbot/.certbot-started

echo "$(date): certbot container started ... OPT_TEST_CERT=$OPT_TEST_CERT, OPT_DRY_RUN=$OPT_DRY_RUN"

# Append non-empty test flags, then run command
run_with_test_flags() {
  local cmd="$1"

  if [ -n "$OPT_TEST_CERT" ]; then
    cmd="$cmd $OPT_TEST_CERT"
  fi

  if [ -n "$OPT_DRY_RUN" ]; then
    cmd="$cmd $OPT_DRY_RUN"
  fi

  eval "$cmd"
}

# Check if certificates exist
if ! certbot certificates | grep "Certificate Name: test.growler.co.za"; then
    GROWLER_WEBROOT="/var/www/certbot/test.growler.co.za"
    [ ! -d "$GROWLER_WEBROOT" ] && mkdir -p "$GROWLER_WEBROOT"
    echo "$(date): Initial certificate acquisition for test.growler.co.za"
    cmd="certbot certonly --webroot -v -w $GROWLER_WEBROOT -d test.growler.co.za --email admin@growler.co.za -n --agree-tos --no-eff-email"
	run_with_test_flags "$cmd"
fi

touch /var/www/certbot/.certbot-started

while :; do
    echo "$(date): Starting certificate renewal process ... OPT_TEST_CERT=$OPT_TEST_CERT, OPT_DRY_RUN=$OPT_DRY_RUN"
    echo "$(date): > certbot renew -v -n $OPT_TEST_CERT $OPT_DRY_RUN"
    cmd="certbot renew -v -n"
	run_with_test_flags "$cmd"
    sleep 12h
done

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.