Renew --dry-run does not use the renewalparams server conf

My domain is: custom internal domain
We have a running internal acme server at acme02-dev.internal.com

I ran this command to issue the certificate from the internal acme server:
certbot --nginx -d myhost.internal.com --server https://acme02-dev.internal.com/acme/acme/directory

The certificate is issued and installed properly. So far so good.
I see that there is a conf file:
/etc/letsencrypt/renewal/myhost.internal.com.conf
In the conf file there is a row
server = https://acme02-dev.internal.com/acme/acme/directory
which is how it should be

But when I run:
certbot renew --dry-run
edit: fails only with --dry-run
Certbot does not use the custom acme server but tries to renew from letsencrypt instead. Which fails of course.

I have to run certbot renew --server https://acme02-dev.internal.com/acme/acme/directory to make it work.
Which means that certbot does not use the server setting in the conf file.

The version of my client is:
certbot 1.20.0

github issue link:

2 Likes

Please include the letsencrypt.log file that shows this behavior.

1 Like

Seems like this happens only with --dry-run. Will edit the 1st post.
I did --force-renewal and it worked. So at least it's failing only when testing

I see in the github issue reply that this is how it should work, so my fault. --dry-run is always using staging by default:

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.