I have a generated a Let's Encrypt SSL Certificate which is going to expire in 90 days. Is there a way to expire it explicitly within 1 month or 15 days for testing a python script which will renew the SSL Certificate if it is expired.
Please guide. Thanks in advance.
You can't force a certificate to expire. You can simply renew a certificate early, delete the old certificate's private key, and let the old certificate expire naturally. You don't want to wait until a certificate expires to renew it, so your script test will simply be renewing earlier than recommended (30 days prior to expiration). Please use the staging environment for testing.
In short: NO.
You can't request a cert with any other expiration than 90 days from issuance - no more, no less.
I'm not sure how your script is designed, but one thing you could try is to revoke your cert and re-issue it.
Hi @arpmeister and welcome to the LE community forum
Please don't recommend wasting LE resources by revoking a cert for no other reason that one being done with using it.
Welcome to the Let's Encrypt Community
I didn't understand your request. it was something like don't recommend cert revocation for any reason except something or other.
Thanks for the articulate rational for not revoking a cert.
see, my advice was to a guy who is trying to test a script that renews a cert. if the script only works if the cert is expired, then revoked may work to get to a possibly useful state to finish the script. but then again it may not, I left it up to the scripter to decide its usefulness.
A revoked certificate is not necessarily an expired certificate. Why on earth would anyone ever write a script that only renews a certificate once it has already expired? By that point it's far too late. Given that the only criteria that applies is the comparison of the current date (A) with the Not After date of the existing certificate (B), I fail to see the complexity of the problem. The recommended renewal time is when B - A = 30 days. If you want to renew only when A > B, I suppose you can, but it guarantees that failure has already occurred.
My request is simple: Don't recommend revoking certificates; That WASTES resources.
If anything, recommend that they use their own CA and not LE for anything of the sort.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.