Hello,
I am using getssl client for Let’s encrypt.
I have question about renewing
1.Renewing certificate is Issuing newer certificate?
2. or Renewing certificate renews old same certificate?
If it 1 is right,
rate limits apply to renewing same as issuing?
thx.
In essence, renewing is just requesting a new certificate with the same hostnames as the old one. When you add/remove some of the hostnames, it’s not a renewal.
Hello, thx for your reply.
But I can’t understand that rate-limits.
It says
we have a Renewal Exemption to the Certificates per Registered Domain limit.
But, when I tried renewal with getssl, it archiving old certificate file & obtained new certificate.
If we have a renewal exemption, Can I renew infinitely? but I can’t renew certificate over 5 times?
I can’t understand. so can you describe this?
thx.
You can see the rate limits at Rate Limits - Let's Encrypt or summarized at Rate Limits for Let's Encrypt:
Renewal is essentially getting a new certificate, but it is an exact duplicate, so it is a "limit on issuing certificates with the exact same set of names: 5 certificates per FQDN set per week."
Yes, you can renew infinitely into the future, but not more than 5 times in any 7 day period. from the document you refer to
We also have a Duplicate Certificate limit of 5 certificates per week. A certificate is considered a duplicate of an earlier certificate if they contain the exact same set of hostnames, ignoring capitalization and ordering of hostnames. For instance, if you requested a certificate for the names [www.example.com, example.com], you could request four more certificates for [www.example.com, example.com] during the week. If you changed the set of names by adding [blog.example.com], you would be able to request additional certificates.
getssl will, by default, not renew if the certificate is valid for more than 30 days, so you can put that in a cron to renew every day, and it will only renew the cert every 60 days.
I PERFECTLY understand that.
so thank you for detail.
Renewal is essentially getting a new certificate, but it is an exact duplicate, so it is a “limit on issuing certificates with the exact same set of names: 5 certificates per FQDN set per week.”
Always thx.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.