Use "certonly" for both issuing and renewal

I’m using certbot in docker.

I used the certonly command to issue a certificate, and I planned to use renew to renew it.

However I discovered that when I ran certonly again, it behaved like the renew command. So I am able to use certonly for both issuing and renewal.

Is this a bug or a feature - can I use certonly for both operations? That would make my scripts much simpler.

Hi @lonix1

you can. But why not only renew?

certonly doesn’t restart the server.

Perhaps use --cert-name, so you don’t have a list of folders 001, 002 etc.

1 Like

Thanks @JuergenAuer!

(I am using standalone and I restart the server myself.)

But why not only renew ?

Are you saying that also renew works that way - it does both issuance and renewal?

It may, depending on the installer saved in the renewal configuration file. :slight_smile:

1 Like

The differences between the two are:

  • certonly can interact with a human user (for example, with --manual where user action is required, or to ask questions about options that weren’t specified on the command line); renew can’t
  • renew can renew many certificates in a single run; certonly will only generate at most one new certificate per run

Normally, we expect that systems will run certbot renew twice per day automatically, in order to renew all certificates that are getting close to expiry. However, the ability of certbot certonly to renew individual certificates upon request is intentional, in case users have a need to do that.