Our SSL cert expires in 2 day’s time, and I’d like to prepare for the switch.
Our site currently has 3 LE certificates, manually applied by the host (Pair).
Pair have yet to institute auto-renewing, despite my “nagging”, so… should I wait for the Wildcard option to be live, or pre-empt the current cert’s expiration, and renew all three a day early?
Many thanks for simplifying this mystifying procedure for us.
A Blessed New Year to you all.
The staging ACME v2 server is due this month, but it will only issue certificates for the test/staging CA.
Production wildcard certificates are on track for February 27.
Glad I asked 
I’ll go through manually updating them all, as 3 months ago.
Is it ok to renew them a day before they expire?
You can renew them whenever you want, as long as you stay within the rate limits. There’s no need to cut it so close.
Most clients that implement automatic renewal, do so 30 days before expiry.
Oops Right-o…
I’m slacking!
Just as an extra note: Once we enable the V2 API you will still need an ACME client that can speak this version of the protocol in order to get a wildcard certificate. At present there are very few clients that can do this.
Thank you Daniel,
I tried responding at the LE Help Forum, but am no longer able to login using the correct User name and password, so I have to email you…
I just renewed three certificates for our main domain, and two sub-domains, virtually hosted at Pair.com.
It took a few hours, mainly waiting for pair to install the certificates I generated at Zerossl.com.
But it went smoothly, and all works fine, with three Green “A’s” testing at ssllabs.com.
I’ll pass your note about the V2 API needing the relevant ACME client, to Pair Management, because their developers are currently working on integrating LE auto-renewal, and they tell me it will be ready “very soon”.
Thank you LE bods!
Glad to see production wildcard certificates are on their way - will be a great addition!
@PeaceComesFree 2 days is cutting it pretty fine 
If you’re interested I created https://padlockspy.com/ to monitor SSL expiry, vulnerabilities, mixed content etc. feel free to check it out for free
Yes Josh, my understanding was that I couldn’t renew until the SSL had expired.
I hadn’t forgotten, I was waiting for it to expire.
That’s why I double-checked here, and managed to renew by the laborious method before they expired.
I’ve notified Pair about Wildcard SSL’s being around the corner, and the precise ACME client required, so we will see if they get their system integrated on time.
I checked your new site, and that’s an excellent idea.
The reason I didn’t register is to avoid email clutter, and I never use social engineering ( oops… I mean social networks.) But for the majority of people, I’m sure you’ll do well.
PSjosh. How long is your FREE note going to remain?
Glad you like the idea. Yeah that’s understandable, feel free to register with a disposable email address if you have concerns around that. You obviously won’t receive the notifications, but will have access to info via the dashboard.
Currently just doing some beta testing now, so full access is currently free. I will be introducing paid plans in the future, but will be offering a decent discount for all beta users Plan is to keep a free plan anyway to allow for a number (tbc) of domains to be monitored without paying.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.