-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement --dry-run flag #62
Comments
I've had a consideration on how this should be done: certbot has 2 different "dry run" type modes (
I'd say we do --dry-run, just to test the nginx setup and network ports, and exit before starting the deploy steps. Then the production certs can be obtained and deployed for real. Even if the deployment fails, rerunning certbot certonly will always ask the user if he wants to keep the existing certificate or request a new one, in which case he should select to keep it, and the deployment will deploy it. (unless he requested a staging cert before for the same domain, in which case he needs to request a new one and overwrite it). Staging certs can always be done through --letsencrypt-params "--staging", but as mentioned above, they won't work to deploy because we need to download the staging CA. So it's not that simple to do, and is a compromise in any case. |
This is how it looks when requesting a staging cert for an already existing domain:
I'm not sure why it says the limit is 5 per 7 days if the staging servers have a higher rate limit, perhaps it's a bug in certbot. |
As you noted I'd use this just to test nginx config, which is as of today the biggest cause of trouble. I can't recall many times when real deployment fails. We can choose to implement Otherwise, in order to be less misleading, the param could be called |
It should run
certbot --statging
to test webserver setup with more gentle request rates.https://letsencrypt.org/docs/staging-environment/
The text was updated successfully, but these errors were encountered: