
I have a script which daily runs the command

    certbot --nginx -d $DOMAIN

for a number of domains to renew their certificate.

    You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
    (ref: /etc/letsencrypt/renewal/****.conf)

    What would you like to do?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1: Attempt to reinstall this existing certificate
    2: Renew & replace the certificate (may be subject to CA rate limits)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel): Cert not yet due for renewal

I always pick 1 if the certificate is not close to expiry. Is there a flag I can pass to the command to make it always pick 1?

user25282

2 Answers


You should be using

    certbot renew

which does everything automatically.

renew acts on multiple certificates and always takes into account whether each one is near expiry. Because of this, renew is suitable (and designed) for automated use, to allow your system to automatically renew each certificate when appropriate. Since renew only renews certificates that are near expiry it can be run as frequently as you want - since it will usually take no action.

https://eff-certbot.readthedocs.io/en/stable/using.html#renewing-certificates

If your certbot installation was done properly, there is most probably a cron job already set up that does this (so you do not have to do this yourself manually). I recently installed certbot on an Ubuntu 22 server using snap, and a cron job in /etc/cron.d/certbot was automatically added.

ttsakpc

You can try running the command with the -n parameter:

Run without ever asking for user input. This may
require additional command line flags; the client will
try to explain which ones are required if it finds one
missing

If that doesn't help, you can use the common methods to answer questions of command line tools:

  1. Piping the answer into the command

    echo "1" | certbot [...]
    
  2. Use expect

  3. Use other means to edit the config file, e.g. sed or a configuration management solution of your choice.

Gerald Schneider
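A non-interactive version of the daily per-domain loop from the question, as an added example that is not part of the original question or answers. It combines `-n` from the second answer with certbot's `--keep-until-expiring` option (not mentioned on this page), which keeps the existing certificate until it is due for renewal, the same outcome as answering 1. The function names and the `CERTBOT` override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prompt-free certificate maintenance for a list of domains.
# CERTBOT is a hypothetical override so the commands can be previewed or
# stubbed; by default the real certbot binary is used.
CERTBOT="${CERTBOT:-certbot}"

# Request or keep the certificate for one domain without prompting.
#   -n                     never ask for input; fail instead of waiting
#   --keep-until-expiring  keep the existing certificate until it is due
#                          (same outcome as answering "1" at the prompt)
ensure_cert() {
    domain=$1
    # The script normally runs as root from cron, so reject anything that
    # is not a plain host name: empty values, values starting with "-"
    # (they would be parsed as certbot options) and shell metacharacters.
    case $domain in
        ''|-*|*[!A-Za-z0-9.-]*)
            echo "refusing suspicious domain: $domain" >&2
            return 2
            ;;
    esac
    "$CERTBOT" --nginx -n --keep-until-expiring -d "$domain"
}

# Process every domain, keep going after a failure, and report a non-zero
# status at the end so cron or monitoring can notice.
run_all() {
    failed=0
    for d in "$@"; do
        ensure_cert "$d" || {
            echo "certbot failed for $d" >&2
            failed=$((failed + 1))
        }
    done
    [ "$failed" -eq 0 ]
}

# Only act when domains are given on the command line.
if [ "$#" -gt 0 ]; then
    run_all "$@"
fi
```

For certificates that already exist, the plain `certbot renew` from the first answer remains the simpler daily job; this wrapper fits when the script must also create certificates for newly added domains.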