Acme4J Renewal Implementation

Hey there,

I’m working on an LE client with Acme4J. I’ve got the basics working, but if you look at the Renewal section of the Acme4J docs, it says there is no method for renewal and to just order again. Is this essentially how most clients renew certificates, just ordering a new certificate? Or is it possible to renew an in-place certificate without having to create/order a new one?

Thanks!

Yes.

No. The contents of the certificate needs to be changed, i.e., the not before and not after datetimes. Then, those new contents need to be signed again by Let’s Encrypt. Technically, Let’s Encrypt could store your cert themselves after which you might ask them “please renew” after which Let’s Encrypt makes the new certificate for you and signs it, but that’s a heck of a lot of work for Let’s Encrypt, while just getting a new certificate by your client is just as easy.

In conclusion: a renewal is just a new certificate with the same set of hostnames as an earlier issued certificate.

1 Like

Thanks for the help! That’s exactly what I needed :smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.