Right. --dry-run gets fake certificates from the staging environment and doesn’t save them. It tests most aspects of renewal pretty well, but not all of them.
If you use --force-renewal, it will issue new certificates from the production environment and save them. Don’t do this too frequently. Especially don’t do it automatically. It’s wasteful, and Let’s Encrypt has rate limits.letsencrypt.org
Rate Limits – Let’s Encrypt – Free SSL/TLS Certificates
Last updated: August 1, 2018 | See all Documentation Let’s Encrypt provides rate limits to ensure fair usage by as many people as possible. We believe these rate limits are high enough to work for most people by default. We’ve also designed them so…
Let’s Encrypt can issue more certificates without revalidating for a certain amount of time (currently 30 days, but this is not guaranteed). (Even if Certbot looks like it’s validating again.) It’s not easy bypass that within Certbot, so forcing an extremely early renewal may not actually test validating again, but it will exercise the other parts.
Mani:
How can i cancel/ permanently delete the certificate with lets encrypt.
How much do you want to delete it? For what purpose?
The “certbot delete” command can delete your local certificate files.
The “certbot revoke” command can also revoke the certificate, which you need to do if it has been compromised or the domain is no longer yours, but you normally don’t need to do if you just want to stop using it. (Revoking a certificate will also stop Let’s Encrypt from sending you emails when it’s about to expire, but you can just ignore them.)
You can’t erase all evidence the certificate existed – they’re permanently archived in public Certificate Transparency logs, which can be searched on https://crt.sh/ 1 and other websites.
(And deleting or revoking certificates doesn’t affect Let’s Encrypt’s rate limits.)
