Where is the renewal config file grammar documented?

All fair points. I left a comment about documenting these here the other day.

Unfortunately I don't think there's any totally reliable way to predict what it should be. The CLI options and the renewal parameters are distinct things, even though they look like they overlap.

Right now the best solution that exists is to do a --force-renewal with the CLI flag you want, e.g.

certbot renew --cert-name example.com --force-renewal --reuse-key

and that would persist the option for future renewals.

We are also investigating adding a way to update existing renewal parameters without actually doing a renewal. I think this would be the best solution because it avoids having the user modify internal files and also avoids pointless renewals.

For reference, --reuse-key has this effect:

# Options used in the renewal process
[renewalparams]
reuse_key = True
6 Likes