Certificate Renewal

I am new to using Let’s Encrypt certificates. What is the best process for renewing certificates? Is there an option to go longer than 3 months? I would like to do annual if possible. My certificate expires at the end of August. Thank you.


Not with LetsEncrypt - only one choice (90 days).

The usual way of renewing certificates is to use a piece of software called “ACME client” which will automate the issuance and renewal of certificates, renewing any certificate 60 days after its issuance, leaving the remaining 30 as a buffer in case of error or in case human intervention is needed.

You can read more here:

and choose your ACME client here:

Funny thing is, you can’t even go shorter if you need or want to. :smiley:

1 Like

Shorter is likely to come (eventually).
[but probably in the same one-size-fits-all fashion]

1 Like

Well… we have extreme granularity in RSA key size: 1 bit resolution between 2048 and 4096. That’s a lot of key sizes. :smiley:

yeah - old tech thou
move to ECC

1 Like

Moving to ecc was the reason I switched from certbot to acme.sh, indeed. :smiley:


certbot can do ECC - you just have to add the request for it manually
[then it renews like usual]

Didn’t know this. I keep missing certbot’s --dry-run feature in acme.sh. You always risk overwriting good certs and keys with staging ones, there :smiley:

1 Like

As far as I know, certbot doesn’t have a CLI option for that currently? Did you mean manual CSR stuff?

In an attempt to write a PR for certbot, I wrote the ECC code into certbot myself, but that PR was stalled and ultimately canceled. There are two PR’s currently active though. Personally using my own code of course :stuck_out_tongue:

Yeah, I think I got my wires crossed with this one.
LE.PL has the functionality that I was thinking about.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.