Is Let's Encrypt okay with our requesting new certs instead of renewals?


#1

We maintain a rather large number (tens of thousands) of certificates on behalf of our customers, and we’re switching our workflow to use Certbot as an Acme client to create and renew certificates. (We don’t need Certbot to manage renewals, we just use it to interact with Let’s Encrypt.)

It would be much simpler for us to not keep track of the private keys needed for renewal requests, and to instead request brand new certificates every three months.

We want to be respectful users of this great service, so we’re wondering if this is okay with Let’s Encrypt (subject to rate limits of course).

Thanks!

rodney


#2

Hi @rgitzel,

Do you mean the ACME account keys here (so you would register new accounts every few months)?


#3

We plan to stick to using just the one account for the foreseeable future (moving the account files from server to server as we deploy new code).


#4

So, you’re just planning to issue the new certificates with a different private key instead of the same private key? That’s already the default behavior of Certbot and is totally unobjectionable. :slight_smile:


#5

Excellent! We thought we might need to keep an EBS volume going to move from instance to instance on deployment.

Thanks!

rodney


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.