How long before expiration does Certbot automatically renew a certificate?

Firefox does not seem to immediately recognize a new certificate. We received a report from a client on the 12th that Firefox, not other web browsers, did not recognize the new certificate. Perhaps if we could modify how often the certificate is renewed, we could mitigate Firefox's failure.

To answer your question in the thread title ("How long before expiration does Certbot automatically renew a certificate?"): 30 days before expiry by default.

That said, I believe your thread is better suited for the #help category, as issuance tech is more related to the Let's Encrypt side of issuance and not as much the client side. Therefore, I'm going to move your thread to that section.

In the #help section you would have been provided with a questionnaire. Could you please fill out all the questions and if you don't know the answer, please tell us as such?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


One report, from one client?
If so, that sounds like a client problem.
Perhaps their computer clock is not on time.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.