From b96ac02b189df8dd1f67076c0b98a4547475843f Mon Sep 17 00:00:00 2001 From: Jeff Wong Date: Sat, 2 Aug 2025 23:35:12 -0700 Subject: [PATCH 1/2] Allow renewal of staging certs and honor --staging/--test flags. It is nice to be able to reliably test cert renewals, such as when a cert is requested in an application using a different method than it is being renewed as, such as when a cert is obtained through standalone mode, and then expected to renew through nginx/apache. Testing renewals by running the cron command swaps out staging cert requests for production ones. Operators may want to test the renewal command and append --force --test of the form: `acme.sh --cron --home="/home/letsencrypt" --force --test` make the --test flag (or --staging) flag on this command honor the request to continue to use staging servers for renewals when requested. related to #6368 --- acme.sh | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/acme.sh b/acme.sh index bba74ed0..10a44fa3 100755 --- a/acme.sh +++ b/acme.sh @@ -5454,20 +5454,22 @@ renew() { . "$DOMAIN_CONF" _debug Le_API "$Le_API" - case "$Le_API" in - "$CA_LETSENCRYPT_V2_TEST") - _info "Switching back to $CA_LETSENCRYPT_V2" - Le_API="$CA_LETSENCRYPT_V2" - ;; - "$CA_BUYPASS_TEST") - _info "Switching back to $CA_BUYPASS" - Le_API="$CA_BUYPASS" - ;; - "$CA_GOOGLE_TEST") - _info "Switching back to $CA_GOOGLE" - Le_API="$CA_GOOGLE" - ;; - esac + if [ -z "$STAGE" ]; then + case "$Le_API" in + "$CA_LETSENCRYPT_V2_TEST") + _info "Switching back to $CA_LETSENCRYPT_V2" + Le_API="$CA_LETSENCRYPT_V2" + ;; + "$CA_BUYPASS_TEST") + _info "Switching back to $CA_BUYPASS" + Le_API="$CA_BUYPASS" + ;; + "$CA_GOOGLE_TEST") + _info "Switching back to $CA_GOOGLE" + Le_API="$CA_GOOGLE" + ;; + esac + fi if [ "$_server" ]; then Le_API="$_server" From b4f72454b6dc42b3f1945eac969c4f1c90dfde24 Mon Sep 17 00:00:00 2001 From: Jeff Wong Date: Sat, 2 Aug 2025 23:56:43 -0700 Subject: [PATCH 2/2] Force switch to default staging CA when staging flag is detected. --- acme.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 10a44fa3..cc4c0dbb 100755 --- a/acme.sh +++ b/acme.sh @@ -5454,7 +5454,10 @@ renew() { . "$DOMAIN_CONF" _debug Le_API "$Le_API" - if [ -z "$STAGE" ]; then + if [ "$STAGE" ]; then + _info "Switching to $DEFAULT_STAGING_CA" + $Le_API="$DEFAULT_STAGING_CA" + else case "$Le_API" in "$CA_LETSENCRYPT_V2_TEST") _info "Switching back to $CA_LETSENCRYPT_V2"