Adam Gibbins
My feedback
1 result found
-
8 votes
Hello,
Actually 14, 7, 1 is already the special schedule for let’s encrypt certificates. This is automatically detected by updown.io so you don’t have to, normal 1-year certificates get an additional 30 days reminder.
The threshold for let’s encrypt certs starts at 14 days because the default renew delay is 30 days before expiration: https://certbot.eff.org/docs/using.html. This can be down to 23 days with a weekly cron for example (pretty common) so that’s why we chose 14 days, so you have plenty of time to renew but still have time to investigate and fix any potential auto-renew issues.
If you’d rather renew your cert only 5 days before expiration that’s up to you but we won’t recommend or support this configuration as we consider it dangerous ☺
I’ll mark this suggestion as “Under Review” to measure the need for this.
An error occurred while saving the comment
Hello,
I'm a user of Netlify's service for hosting static sites, they provide LetsEncrypt certificates however they don't appear to be renewed until ~10 days before expiry. I have no control over this, so I get notifications from updown.io when 14 days remain every time. It'd be nice to be able to tune this.
I can only assume they're doing this as they're operating at large scale so this delayed renewal significantly reduces load, so it's not likely they'll alter it to align with LE recommendations.