search

go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License
7.43k stars 984 forks source link

Renew only specified domains #1532

Open SoniEx2 opened 2 years ago

SoniEx2 commented 2 years ago

Welcome

How do you use lego?

Binary

Detailed Description

When using lego renew, one should be able to tell lego to only renew the specified domains, and drop any domains not specified.

This would make managing certs much easier as one'd be able to just use systemd for it, instead of remembering the run command and all that. Just add/remove -d's and call it a day, then run the renewal unit.

m1cr0man commented 2 years ago

I'd like to second this - in NixOS' ACME module it was recently reported (NixOS/nixpkgs#147540) that removing a domain does not work as expected, for this reason.

I would also ask that if the list of domains differs from those specified on the CLI, and --days is also specified, that a renewal would be attempted regardless of expiry date for those domains specified. This avoids a hacky bit of scripting we did already to detect a change in the configured domains.

aanderse commented 2 years ago

Some days I wonder why we use lego instead of certbot... 😞

ldez commented 2 years ago

@aanderse Some days I wonder why I spend my time creating and maintaining open-source projects... Please, there are humans behind open-source projects.

aanderse commented 2 years ago

@ldez I'm sorry. I actually intended that comment to be in the NixOS issue thread, not this one... but after some reflection I realize even in the NixOS issue thread it is still an inappropriate comment. You're right. I'm an open source contributor as well and it never feels nice when people leave comments like that based on your hard work. Please do accept my apologies - many people appreciate the work people put into this project, myself included.