Certbot cert expanding

When adding a name to the list for a letsEncrypt property, certbot fails thusly:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Missing command line flag or config entry for this setting:
You have an existing certificate that contains a portion of the domains you requested (ref: /etc/letsencrypt/renewal/…)

It contains these names: …

You requested these names for the new certificate: …

Do you want to expand and replace this existing certificate with the new certificate?

(You can set this with the --expand flag)

I think maybe Propellor should always pass --expand? I haven't tested if that works correctly when not changing the names.

RSS

comment 1

Makes sense. The man page says:

        --expand              If an existing certificate is a strict subset of the
                              requested names, always expand and replace it with the
                              additional names. (default: Ask)

Which reads like it will not change behavior in other cases. Still, it would be good for someone to test it before the change is made to propellor..

Comment by joey — Tue Jul 31 14:25:34 2018

Remove comment