Ability to generate a Certificate with a Valid From Date in the Past?

Hello,

Does Let's Encrypt have the ability to generate a certificate with a “Valid From” date that is in the past?

For example, generating a Valid From Date in July 2016 instead of July 2017.

Is this possible?

Hi @erikpasta,

No, it is not possible to control the "Not Before" or "Not After" dates of the certificates issued by Let's Encrypt. The Not Before date is automatically backdated 1 hour from issuance, but it is not configurable. Similarly, the Not After date is set to 90 days from the time of issuance and is not configurable.

I don't have a definitive reference at hand, but I don't think any browser-trusted CA will be able to fulfill this request. I believe the CA/Browser Forum (CABF) baseline requirements prohibit backdating to this extent.

I’m almost positive that this is not possible. LE certs have a 90-day validity period and are already back-dated by an hour to account for inaccurate system clocks. What use case are you trying to accomplish with a cert back-dated by a year?

1 Like

This may have changed, but it's actually not prohibited, as far as I know. Backdating certificates for purposes of cheating rules (e.g. issuing SHA-1 after 2015-12-31) is unacceptable, but in general CAs are just encouraged to behave reasonably.

https://wiki.mozilla.org/CA/Forbidden_or_Problematic_Practices#Backdating_the_notBefore_Date

2 Likes

That may be the case! Unfortunate :-/
