I am currently have some tls problems with my postfix and ariba.com purchase order emails. The postfix community members are helping and have suggested some setting changes in let's encrypt renewal settings. Changing to the following in letsencrypt/renewal/domain.conf preferred_chain = ISRG Root X1 rsa_key_size = 2048 The changes has been done. Now have to figure out how to force renew the certs so that the new certs will have the above options. Any suggestions?
I have not tested a forced renewal yet, but I guess it should pick up settings from the config file as the normal renew does so it should be aware of using webroot authenticator etc. So using: certbot renew --force-renewal -d yourdomain.tld -d www.yourdomain.tld should work in my opinion. As far as I know, you must specify all domains and subdomains that are currently in that cert using the -d option and start with the main domain (the one that the cert file name contains).
Or maybe try using this instead: certbot renew --cert-name yourdomain.tld --force-renewal where yourdomain.tld is the domain name of the cert file.
This works great! Thank you for taking the time and helping with the command line. I do appreciate it very much.
