Renew + standalone?


#1

Hey everyone,

The renew docs are a little light on details compared to the number of options that exist to set up a certificate.

If I have the following to generate a certificate:

sudo letsencrypt-auto certonly --config config.ini -a standalone --test-cert

Would sudo letsencrypt-auto renew perform the same request if the certificate is nearing expiration or would it try and do the webroot renewal?

If I run the above command a second time, the docs hint that it might just renew the certificate, I was just wondering if that is the case or there are some edge cases where it would just get new certificates?

Cheers,
Matt


#2

In general there is not a strong distinction, as far as the server is concerned, between requesting a new certificate and renewing an old certificate. Both are considered a request to issue a certificate. The server does recognize when you are requesting issuance for a set of names that have already been requested on a previous certificate, and grants a rate limit exception.

From the client perspective, I believe the necessary renewal options are stored in a config file under /etc/letsencrypt/renewal, so the renewal attempt should use the same options. You can also test renewal with --dry-run.


#3

Thank you jsha!!

It was largely the rate limit I wanted to avoid hitting. I’ll also check out the renew directory.

Cheers,
Matt