refs. Questions about Renewing before TLS-ALPN-01 Revocations
The article describes it as follows.
The third column is the time at which the certificate was issued (in RFC3339 format, i.e. YYYY-MM-DDTHH:MM:SSZ, all times UTC).
However, the first line of the CSV says "regID", "serial", "notAfter", "names".
I think it's the expired date (notAfter), not the issued date (notBefore).
Hello @cocurl, welcome to the forum and nice catch!
The 3rd column is supposed to show the issue date (notBefore) as indicated in the text you quoted. This is further indicated in @jillian's comment, "...on 28 January 2022 we we will revoke certificates issued in the last 90 days and validated with the TLS-ALPN-01 challenge."
So that would be the issue (notBefore) date, not the expiry (notAfter) date - a typo.
@jillian, It appears an error was made in the cvs file, first line. "notAfter" should be "notBefore".
As a general note for everyone's benefit, the notBefore date is actually one hour before the certificate was actually issued because Let's Encrypt backdates by an hour at issuance.
Is it true that notBefore is correct, really?
So why are the dates in the CSV records in the future?
$ head tls-alpn-01-affected-certs-by-regID.csv
The CSV file earlier also stated notBefore, but was corrected after someone saw the error and mentioned it. It seems the website wasn't corrected.
@Osiris Thanks for making the Pull Request.
I'll close this thread once the web page is fixed or I get a response from the person responsible.
Yes, you've spotted an error that was pointed out to us a few days ago. We corrected and re-uploaded the file, but it looks like the website change didn't happen. Earlier versions of that file have the wrong column name so the PR for the website should probably note that information.
thanks @Osiris for the PR, I'll try to get some Let's Encrypt on it today!
Thank you for confirming. Best regards.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.