I’m using certbot in docker.
I used the
certonly command to issue a certificate, and I planned to use
renew to renew it.
However I discovered that when I ran
certonly again, it behaved like the
renew command. So I am able to use
certonly for both issuing and renewal.
Is this a bug or a feature - can I use
certonly for both operations? That would make my scripts much simpler.
you can. But why not only
certonly doesn’t restart the server.
--cert-name, so you don’t have a list of folders 001, 002 etc.
(I am using
standalone and I restart the server myself.)
But why not only
Are you saying that also
renew works that way - it does both issuance and renewal?
It may, depending on the installer saved in the renewal configuration file.
The differences between the two are:
certonly can interact with a human user (for example, with
--manual where user action is required, or to ask questions about options that weren’t specified on the command line);
renew can renew many certificates in a single run;
certonly will only generate at most one new certificate per run
Normally, we expect that systems will run
certbot renew twice per day automatically, in order to renew all certificates that are getting close to expiry. However, the ability of
certbot certonly to renew individual certificates upon request is intentional, in case users have a need to do that.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.