Getting reduced duration certificate


For testing renewal systems is it possible to get a certificate with a reduced duration? Say 1 hour?


Why not use --dry-run? Why such a short lifetime? What is the specific reason for it?


I’m creating a custom letsencrypt client and I want to be able to test
every aspect of the cert life cycle. Say how would the system react to cert
about to expire or already expired? This is obviously easier with shorter
validity periods.


For this purpose you might consider running your ACME client against a local instance of Boulder, the Let’s Encrypt server-side CA. The quickstart instructions are the best place to start. You can modify the CA.json config file to use smaller expiry values - I haven’t tried this personally but I believe it will accomplish what you’re looking for.


That sounds like it would work well, thanks


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.