Hi, I’m developing a program to automatically renew my SSL certificates for my server.
Currently, the command to renew SSL certificates is /opt/certbot-auto certonly --keep --no-bootstrap --no-self-upgrade --non-interactive --webroot -w /usr/share/nginx/html -d myDomain.
I’m wondering if I should remove the --no-self-upgrade option in the command, because if I don’t upgrade certbot-auto, I’ll get a warning saying "Attempting to parse the version <new_version> renewal configuration file found at XXX with version <old_version> of Certbot. This might not work." I’m afraid some day in the future, the program will not be able to renew the SSL certificates on my machine if I don’t upgrade certbot-auto.
If I remove --no-self-upgrade, should I also remove --no-bootstrap? Because new versions of certbot-auto might have different OS dependencies.
Just remember, if you requested your certificates that way, that information is written into the .conf file in /etc/letsencrypt/renewal, so you should check any of your .conf files there for any of those parameters you used when obtaining the certificate. Your renewal command should then just be a simple ./certbot-auto renew
I'd rather keep both parameters when running the command non-interactively. From a system operator's view, automatic software updates could interfere with the intentional job: renewing the certificates. If one wants to update the software, the update process should be supervised.
Thank you for letting me know that this could only happen if the certificates were created or previously renewed by a newer version of Certbot. I didn’t know this.
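Added example, not part of any post in this thread: a shell check that reads the Certbot version and authenticator recorded in each renewal config and flags configs written by a version newer than the one installed, which is the condition behind the warning quoted above. It assumes the renewal files carry a top-level `version = ...` key and a `[renewalparams]` section; the function names and the sample config are constructed for illustration.

```shell
# Added example; function names are hypothetical, sample data is constructed.

# Top-level "version = X" key of a renewal .conf (stops at the first section).
conf_version() {
    awk -F' *= *' '/^\[/ {exit} $1 == "version" {print $2; exit}' "$1"
}

# Value of key $2 inside the [renewalparams] section of file $1.
renewal_param() {
    awk -F' *= *' -v key="$2" '
        /^\[renewalparams\]/ {in_sec = 1; next}
        /^\[/ {in_sec = 0}
        in_sec && $1 == key {print $2; exit}' "$1"
}

# Succeeds when dotted version $1 is strictly newer than $2.
version_newer() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 1
    }'
}

# check_renewal_dir DIR INSTALLED_VERSION: returns 1 if any config is newer.
check_renewal_dir() {
    status=0
    for conf in "$1"/*.conf; do
        [ -e "$conf" ] || continue
        v=$(conf_version "$conf"); auth=$(renewal_param "$conf" authenticator)
        if version_newer "$v" "$2"; then
            echo "NEWER $conf: version=$v installed=$2 authenticator=$auth"
            status=1
        else
            echo "OK    $conf: version=$v authenticator=$auth"
        fi
    done
    return "$status"
}

# Constructed sample config (example.com, version 0.31.0) written to file $1.
write_sample_conf() {
    printf '%s\n' '# renew_before_expiry = 30 days' 'version = 0.31.0' '[renewalparams]' \
        'authenticator = webroot' '[[webroot_map]]' 'example.com = /usr/share/nginx/html' > "$1"
}
```

Run it as check_renewal_dir /etc/letsencrypt/renewal followed by the version your installed certbot-auto reports; a non-zero return means at least one config was written by a newer Certbot.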