Certificate Expiration Date


#1

When I set up the certificate auto-renew, does it change the expiration date? Or just renew, but the date remains the same in relation for the day of installation?


#2

A renewed certificate is a new certificate with a fresh expiration date, which for Let’s Encrypt will be 90 days after its issuance. Setting up auto-renewal doesn’t necessarily cause a renewal to happen right away. Normally automated renewals actually happen 30 days before the original expiration date.


#3

@schoen.

I configured my certificate with this line:

0 1,13 * * * /home/ec2-user/certbot-auto renew 

Does this mean that it will update twice a day and that the expiration date will be recalculated with each update?


#4

No. certbot-auto renew looks at the certificate to decide whether to renew it or not. When a certificate is 30 days away from expiring, certbot-auto renew attempts to renew that particular certificate. The expiration date will only be recalculated when this occurs, which will typically be every 60 days for a given certificate, assuming that the renewal process works successfully.

The way you’ve set it up (to run twice a day) is what we recommend, but that doesn’t mean that your certificates will actually be renewed twice per day. Rather, they will be checked twice per day to decide whether they’re due to be renewed or not.


#5

Thank you very much @schoen.

Excellent information!


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.