I am confused about certificate renewal

#1

Hello everyone, please help me to understand.
I write a script to create and renew certificates uses acme v01 API: https://acme-v01.api.letsencrypt.org/ with DNS-01 challenge
When I renew a certificate, I found that my certificate can renew without doing a challenge in about 1 month from the time it was created, after that time I have to do the DNS-01 challenge.
Is it operate correctly?
Certificates have 03 months to live before it expires
Can I renew a certificate without doing dns-challenge in the last month before it expries.
assuming that I don’t use DNS provider API to automate the dns-challenge declaration!
Thank all !

#2

Yes this is normal and expected
The DNS authentication can be cached for up to 30 days.
[They are bound to the LE account and are not guaranteed to be cached for any length of time; You should be ready to pass a new DNS challenge (if requested).]

No, after 30 days the cached authorization will be gone.

2 Likes
#3

Thanks !!:smiley:

1 Like
closed #4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.