Beta testing auto renewals?


#1

Still waiting for my beta invite :slight_smile: But curious in the beta sticky https://community.letsencrypt.org/t/beta-program-announcements/1631/6 you mention

Renewals and Lifetimes
Certificates from Let’s Encrypt are valid for 90 days. We recommend renewing them every 60 days to provide a nice margin of error. As a beta participant, you should be prepared to manually renew your certificates at that time. As we get closer to General Availability, we hope to have automatic renewal tested and working on more platforms, but for now, please play it safe and keep track.

@schoen with GA release a little under 3 weeks to go, how are beta testers testing the automatic renewal process if it’s recommended for renewing them every 60 days manually during beta period?


#2

@eva2000, I think they’re not testing it. If we fix some more renewal-related bugs we would probably recommend that a few people try it by changing the renewal configuration parameters so that renewal happens earlier (say, 85 days before expiry?).

In order to make this work we would also need to adjust the rate limit.


#3

might be good idea to raise limit during beta and shorten auto renewal to say 5-7 days optionally so you can get a good 2-3 auto renewals tested per domain on the small number of whitelisted domains before hand - pretty sure you may run into bugs you’d want ironed out before live GA release :smile:

first impressions do matter for live GA :slight_smile:


#4

I tried testing it… and ran into the rate-limit. My client happily overwrote the existing cert with a zero byte file :slight_smile:


#5

ouch zero byte file ! did you get the old cert files rotated and renamed though so you can roll back ?


#6

No, but I was cleverly testing on new hostnames rather than www…


#7

i see @bmw @jsha @jcjones shouldn’t there be some form of backup or aborting of the overwrite of cert files if rate limit is in affect ?