Certbot DNS: remove no-autorenew

hartmans · hartmans · commit 8de2479dcb45 · 2025-07-04T12:30:32.000-06:00
We would prefer that certbot not autorenew our certificates because it
does no good. Either we will get called to install the new certificate
and we could renew then, or we will not, and it would be better to let
the certificate fall out of issue.  However, certbot's behavior on
no-autorenew is pathological: it treats the existing certificate as
unexpired, no matter how old it is, blocking manual attempts to renew
with the certonly command.

Therefore, allow autorenewals.
diff --git a/carthage_base/pki.py b/carthage_base/pki.py
@@ -311,7 +311,6 @@ async def issue_credentials(self, hostname:str, tag:str):
                 '--cert-name', cert_name,
                 '--dns-rfc2136',
                 '-d', hostname,
-                '--no-autorenew'
             )
         async with self.certbot_access() as path:
             key = path/cert_name/'privkey.pem'

Original file line number	Diff line number	Diff line change
`@@ -311,7 +311,6 @@ async def issue_credentials(self, hostname:str, tag:str):`
`311`	`311`	`'--cert-name', cert_name,`
`312`	`312`	`'--dns-rfc2136',`
`313`	`313`	`'-d', hostname,`
`314`		`- '--no-autorenew'`
`315`	`314`	`)`
`316`	`315`	`async with self.certbot_access() as path:`
`317`	`316`	`key = path/cert_name/'privkey.pem'`