[quote="MrStonedOne, post:3, topic:37306"]
Or maybe making my own client. certbot is a little excessive in the feature list for my uses.[/quote]
Certbot is a heavyweight client and has sometimes been criticized for that. It's got lots of code to deal with automated renewals and server integration (like parsing and editing web server configurations).
If you're looking for something lighter-weight, you might want to look over
Some of the bash clients are quite small and have few or no dependencies.
For `certbot renew`, which considers all existing certificates for potential renewal, it's effectively
https://github.com/certbot/certbot/blob/master/certbot/renewal.py#L88
where `renewal_candidate.names()` is calling into
https://github.com/certbot/certbot/blob/master/certbot/storage.py#L811
which in turn reads the PEM file on disk.
There is a possibly less interesting case at
https://github.com/certbot/certbot/blob/master/certbot/renewal.py#L296
which should be used if you perform an individual-certificate-oriented action like `certbot certonly` with a `--cert-name` or list of domains that are judged to refer to an existing certificate and with options or circumstances that are judged to request a renewal of that existing individual certificate. (The circumstances when this happens are somewhat complicated to explain, although I've explained them before in some detail in other forum threads, related to the options `--keep-until-expiring`, `--duplicate`, `--force-renewal`, and the expiration time of the existing certificate.)
Edit: I think I have a more detailed explanation somewhere else, but I found a basic summary that I wrote about the meanings of the individual-certificate-oriented command line options that affect Certbot's behavior: