I have a generated a Let's Encrypt SSL Certificate which is going to expire in 90 days. Is there a way to expire it explicitly within 1 month or 15 days for testing a python script which will renew the SSL Certificate if it is expired.
You can't force a certificate to expire. You can simply renew a certificate early, delete the old certificate's private key, and let the old certificate expire naturally. You don't want to wait until a certificate expires to renew it, so your script test will simply be renewing earlier than recommended (30 days prior to expiration). Please use the staging environment for testing.
Thanks for the articulate rational for not revoking a cert.
see, my advice was to a guy who is trying to test a script that renews a cert. if the script only works if the cert is expired, then revoked may work to get to a possibly useful state to finish the script. but then again it may not, I left it up to the scripter to decide its usefulness.
A revoked certificate is not necessarily an expired certificate. Why on earth would anyone ever write a script that only renews a certificate once it has already expired? By that point it's far too late. Given that the only criteria that applies is the comparison of the current date (A) with the Not After date of the existing certificate (B), I fail to see the complexity of the problem. The recommended renewal time is when B - A = 30 days. If you want to renew only when A > B, I suppose you can, but it guarantees that failure has already occurred.
My request is simple: Don't recommend revoking certificates; That WASTES resources.
If anything, recommend that they use their own CA and not LE for anything of the sort.