Expire every 90 days?


#1

Please fill out the fields below so we can help you better.

My domain is:
N/A
I ran this command:
N/A
It produced this output:
N/A
My operating system is (include version):
Windows SBS 2011
My web server is (include version):
IIS
My hosting provider, if applicable, is:
N/A
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

Well the question is simple. I read somewhere that the certificates are issued just for 90 days? (and then have to be renewed)
Is that correct???


#2

That’s correct.

The basic principle is if you set up the system for automatic renewals then the certificate will be automatically renewed every 60 days or so.


#3

To maybe clarify what @serverco said (no criticism intended). The certificates are valid for 90 days but Let’s Encrypt is deliberately set up to make it easy for everybody’s computers to request their own certificates. So the idea is that you’d set your Windows server up to fetch each new certificate and install it automatically before the previous one expires. If that works for you it’s actually less hassle than the approach of buying a certificate from traditional providers every year or three. There are some instructions for doing this with Windows online, but it is so far much more popular for Unix-type systems. Nevertheless we (volunteers like myself and @serverco) are happy to try to help people get their stuff working on Windows too.

As a rule of thumb: If you are comfortable with the Windows command line, you ought to be fine.


#4

Thanks, I understand the philosophy behind this.

I am on Windows. I plan to use this on my (home) SBS2011.
Although I am comfortable with command line, I tried Certify (.Net based, GUI client) which fails to run miserably (something about no vault initialized or something).
I gave this only like 5 minutes yet, but I plan to get back to it.
If you have an idea about the error let me know, else I will use a command line client (I suspect I will need to schedule a script to request renewal every 80 days or something?).

Thanks again. I’ll revisit this very soon.


#5

I believe the letsencrypt-win-simple (command line) client software is able to set up renewals automatically using some built-in scheduler or similar on the Windows platform.

The certbot Python software (which was developed for Unix, I don’t know if it can run on Windows) checks whether a certificate is expiring in the next 30 days and only if so tries to renew it, so we recommend people set this to run every day, since it will do nothing for two months at a time, but once it’s needed it will try every day until it succeeds (e.g. if your network is down or something it will just get retried tomorrow).


#6

Thanks.
Well if it’s Python it can be run if I install Python on my server (I don’t want to - it’s underpowered already for what it does).
I will try my luck next week with the options I am given.


#7

If you want a “lighter” client, have a look at the alternate clients


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.