I am new to using Let’s Encrypt certificates. What is the best process for renewing certificates? Is there an option to go longer than 3 months? I would like to do annual if possible. My certificate expires at the end of August. Thank you.
Not with Let’s Encrypt - only one choice (90 days).
The usual way of renewing certificates is to use a piece of software called an "ACME client", which will automate the issuance and renewal of certificates, renewing any certificate 60 days after its issuance, leaving the remaining 30 as a buffer in case of error or in case human intervention is needed.
You can read more here:
and choose your ACME client here:
Funny thing is, you can't even go shorter if you need or want to.
Shorter is likely to come (eventually).
[but probably in the same one-size-fits-all fashion]
Well… we have extreme granularity in RSA key size: 1 bit resolution between 2048 and 4096. That’s a lot of key sizes.
Yeah - old tech though
move to ECC
Moving to ECC was the reason I switched from certbot to acme.sh, indeed.
certbot can do ECC - you just have to add the request for it manually
[then it renews like usual]
Didn’t know this. I keep missing certbot’s --dry-run feature in acme.sh. You always risk overwriting good certs and keys with staging ones, there.
As far as I know, certbot doesn't have a CLI option for that currently? Did you mean manual CSR stuff?
In an attempt to write a PR for certbot, I wrote the ECC code into certbot myself, but that PR was stalled and ultimately canceled. There are two PRs currently active though. Personally using my own code, of course.
Yeah, I think I got my wires crossed with this one.
LE.PL has the functionality that I was thinking about.
[https://github.com/do-know/Crypt-LE/]