unify run/renew command

[hanoii]

I wonder if it shouldn't be nice to use one command for run/renew. It could be a new one. run would be the initial request and any subsequent request would renew. With this you can automate generate/renewal from the start.

[xenolf]

This is on my todo list for the LE V2 API update.
The renew command is basically just a wrapper for run with some added code for SAN handling.

[ulope]

Do you have a recommended way of automating run / renew with the current version?

[hanoii]

@ulope to be honest I just run run manually and then renew on cron, if you were to do it truly automatic I guess you can cook up a script that looks for the cert files, if not present run run, otherwise renew.

[pavels]

I did some work on automation, see https://github.com/pavels/nginx-lego - the idea is not mine, it was taken from here https://github.com/ilg/nginx-letsencrypt-aws and seems like it works ok

[Duologic]

Just dropping this here as a simple workaround:

DOMAIN=example.com
CERT_EXISTS=$(stat -c %s certificates/$DOMAIN.crt && echo "success" || echo "fail")

if [[ $CERT_EXISTS == *"success"* ]]
then
    ./lego -a --path $PWD --domains $DOMAIN --dns route53 renew --days 30
else
    ./lego -a --path $PWD --domains $DOMAIN --dns route53 run
fi

# TODO: using binary, doesn't have --pem option yet
cat certificates/$DOMAIN.crt > certificates/$DOMAIN.pem
cat certificates/$DOMAIN.key >> certificates/$DOMAIN.pem

[Duologic]

I haven't run into it yet, but what would happen if you use 'renew' with a different or extended SAN-set?

FYI, updated the above script to support SAN and using Route53 for it: https://gist.github.com/Duologic/bf23bf65f6a7f03b8108827686b9398a