In order to prepare for multiple vantage point validation (as in ACME v1/v2: Validating challenges from multiple network vantage points) I’d like to know how to safely test certificate renewal.
We’re using certbot and we already successfully tested a new certificate emission. Is there any way to test renewal without having an expiring certificate?
Thank you in advance
According to the announcement, this change is already deployed to the staging environment. In this case, the best way to test is to use the staging environment:
If you didn’t have any current certificate issued for your domain, issue one with staging.
If you already have current certificate issued and want to make sure renewal would work, simply run
certbot renew --dry-run (this will test your renewal with the staging system).
Thank you for the answer.
I’m currently using the --server certbot param to point to the staging server:
Is it equivalent to using --dry-run (except the latter skips final updaters)?
In my first question I wanted to know whether I’m able to fully test certificate renewal, given that I don’t have an expiring certificate (when testing with currently issued certificates I get a warning like “certificate not due for renewal”).
This is what the dry run is for 😁
If you wish to request a new certificate, issue one with the server directive specified (like you did). For renewal (testing), just use dry run and simulate the renewal (in staging). Dry-run will also not change your certificate content or issue a new certificate into your existing one.