Hi, I’m developing a program to automatically renew my SSL certificates for my server.
Currently, the command to renew SSL certificates is /opt/certbot-auto certonly --keep --no-bootstrap --no-self-upgrade --non-interactive --webroot -w /usr/share/nginx/html -d myDomain.
I’m wondering if I should remove the --no-self-upgrade option in the command, because if I don’t upgrade certbot-auto, I’ll get a warning saying "Attempting to parse the version <new_version> renewal configuration file found at XXX with version <old_version> of Certbot. This might not work." I’m afraid that some day in the future the program will not be able to renew the SSL certificates on my machine if I don’t upgrade certbot-auto.
If I remove --no-self-upgrade, should I also remove --no-bootstrap? Because new versions of certbot-auto might have different OS dependencies.
Just remember that if you requested your certificates that way, that information is written into the .conf file in /etc/letsencrypt/renewal, so you should check any of your .conf files there for any of those parameters you used when obtaining the certificate. Your renewal command should then just be a simple ./certbot-auto renew.
I'd rather keep both parameters when running the command non-interactively. From a system operator's view, automatic software updates could interfere with the intentional job: renewing the certificates. If one wants to update the software, the update process should be supervised.
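An added example, not part of the thread: a small Python check of a renewal file from /etc/letsencrypt/renewal. It reports the stored authenticator and webroot mapping, and whether the file's version is newer than the installed Certbot, which is the situation the warning quoted in the question describes. The sample file content, example.com and the version numbers are constructed for illustration.

```python
import re

# Constructed sample of a file under /etc/letsencrypt/renewal/ (values are illustrative)
SAMPLE_CONF = """\
# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/example.com

# Options used in the renewal process
[renewalparams]
authenticator = webroot
webroot_path = /usr/share/nginx/html,
[[webroot_map]]
example.com = /usr/share/nginx/html
"""

def parse_renewal_conf(text):
    """Return {section: {key: value}}; top-level keys are stored under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[+\s*([^\[\]]+?)\s*\]+", line)
        if header:  # matches both [section] and nested [[subsection]]
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip().rstrip(",")
    return sections

def version_tuple(version):
    # Numeric components only, so "0.31.0" compares as (0, 31, 0)
    return tuple(int(part) for part in re.findall(r"\d+", version))

def review(text, installed_version):
    """Summarise the stored renewal parameters and the version relationship."""
    conf = parse_renewal_conf(text)
    params = conf.get("renewalparams", {})
    conf_version = conf[""].get("version", "0")
    return {
        "authenticator": params.get("authenticator"),
        "webroot_map": conf.get("webroot_map", {}),
        "conf_version": conf_version,
        "newer_than_installed": version_tuple(conf_version) > version_tuple(installed_version),
    }

if __name__ == "__main__":
    print(review(SAMPLE_CONF, "0.28.0"))
```

On a real host, pass the contents of each .conf file and the version printed by the installed client instead of the constructed values.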