You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Certbot's behavior differed from what I expected because:
The cert was expired by over a day, and was showing as expired in the browser.
Mitigation
Remove autorenew = False
from config file.
While I used --no-auto-renew because I did not want the snap timer renew to run, it seems it instead prevents certbot renew from renewing it when manually run (without the domain?) as well.
Solutions/comments
Error message should state that the domain did not renew because renewal is disabled.
This may be a 'read the manual' situation, but the 'not yet due' error sent me on an absolute wild goose chase of time zone debugging, cron debugging, trying to figure out if the cert was actually getting applied, etc.
There are some other unanswered questions in search results that smell the same, so hopefully this will be indexed as an answer as well.
The text was updated successfully, but these errors were encountered:
Personally I'd say it's part "RTM" and part indeed confusing and inconsistent output of Certbot.
I'd rather see Certbot outputting something like "autorenewal disabled".
That said, there still is no way to re-enable autorenewing again without manually editing the configuration file (see #9283 and #9285), so maybe this whole --no-auto-renew should be yanked entirely? I don't know how many users use this feature, but it's only partly implemented IMO and leads to confusion.
My operating system is (include version):
Ubuntu 22.04.3 LTS
I installed Certbot with (snap, OS package manager, pip, certbot-auto, etc):
snap
I ran this command and it produced this output:
certbot --nginx --no-auto-renew --server my.acme.server
and then, via my own renewal strategy,
certbot renew
Output:
Certbot's behavior differed from what I expected because:
The cert was expired by over a day, and was showing as expired in the browser.
Mitigation
Remove
autorenew = False
from config file.
While I used --no-auto-renew because I did not want the snap timer renew to run, it seems it instead prevents
certbot renew
from renewing it when manually run (without the domain?) as well.Solutions/comments
This may be a 'read the manual' situation, but the 'not yet due' error sent me on an absolute wild goose chase of time zone debugging, cron debugging, trying to figure out if the cert was actually getting applied, etc.
There are some other unanswered questions in search results that smell the same, so hopefully this will be indexed as an answer as well.
The text was updated successfully, but these errors were encountered: