Certbot: Renew, reissue, or duplicate certificate using ACME URL query parameters
Anytime you request certificate automation with a third-party ACME client, CertCentral searches for existing certificate orders, and if it finds one that matches, applies the default lifecycle action for that order.
You can also explicitly instruct CertCentral to perform a specific lifecycle action for an existing certificate order, by adding the automation action type and order ID as query parameters to the ACME URL.
참고
 CertCentral can automatically renew and reissue certificates for existing orders when applicable. See  ACME automation actions.
 To duplicate an existing certificate, the certificate profile must have duplicates enabled, and you must include the automation action and order ID in the ACME URL.
Consider the following ACME URLs that include automation action and order ID query parameters:
- https://one.digicert.com/mpki/api/v1/acme/v2/directory?action=renew&orderId=555123456- Renew the certificate from order ID number 555123456. 
- https://one.digicert.com/mpki/api/v1/acme/v2/directory?action=reissue&orderId=555789012- Reissue the certificate from order ID number 555789012. 
- https://one.digicert.com/mpki/api/v1/acme/v2/directory?action=duplicate&orderId=555345678- Issue a duplicate of the certificate from order ID number 555345678. 
The below examples illustrate complete Certbot client commands that include ACME URLs with added query parameters.
- Renew the public trust certificate in order ID number 555123456 for domains - example.comand- www.example.com, using HTTP-1 for domain control validation and installing the renewed certificate within the local Apache web server:- sudo certbot --apache --register-unsafely-without-email --eab-kid abcdef8sCnHGBsbCOgnv1ijy00l6UeEYCavSSSirl-k --eab-hmac-key EEEraHBXQUxWTEFGdFhndjRVNmV4t4F6c2VNZDM1QzRURGhjdHF3S1NublJjN0dhVUFObzA0SXJwVHBnU2yyUH --server https://one.digicert.com/mpki/api/v1/acme/v2/directory?action=renew&orderId=555123456 --config-dir /usr/local/certbot/my_other_public_webserver_config/ -d test.com -d www.test.com --preferred-challenges http 
- Reissue the public trust wildcard certificate in order ID number 555789012 for - *.my.example.com, using DNS-1 for domain control validation and installing the reissued certificate within the local NGINX web server:- sudo certbot --nginx --register-unsafely-without-email --eab-kid zcskpf8sCnHGBsbCOgnv1ijy00l6UeEYCavSSSirl-k --eab-hmac-key DDDraHBXQUxWTEFGdFhndjRVNmV4t4F6c2VNZDM1QzRURGhjdHF3S1NublJjN0dhVUFObzA0SXJwVHBnU2yyUH --server https://one.digicert.com/mpki/api/v1/acme/v2/directory?action=reissue&orderId=555789012 --config-dir /usr/local/certbot/my_public_webserver_config/ -d *.my.example.com --manual --preferred-challenges dns 
- Issue a duplicate of the public trust certificate in order ID number 555345678 for domains - test.comand- mail.test.com, using HTTP-1 for domain control validation and installing the duplicate certificate within the local NGINX web server:- sudo certbot --nginx --register-unsafely-without-email --eab-kid zcskpf8sCnHGBsbCOgnv1ijy00l6UeEYCavSSSirl-k --eab-hmac-key DDDraHBXQUxWTEFGdFhndjRVNmV4t4F6c2VNZDM1QzRURGhjdHF3S1NublJjN0dhVUFObzA0SXJwVHBnU2yyUH --server https://one.digicert.com/mpki/api/v1/acme/v2/directory?action=duplicate&orderId=555345678 --config-dir /usr/local/certbot/my_public_webserver_config/ -d test.com -d mail.test.com --preferred-challenges http 
As usual, if the ACME automation request is valid, the resulting certificate gets automatically issued and installed for you.