Unfortunately, I believe certificates obtained with “manual” can’t be renewed by
certbot renew at all. This might not be true with hooks, but I’ll have to double-check.
[quote]That doesn’t make sense to me: if certs are renewed if time to expiry is less than 30 days, then 7 or even 9 days seems completely sufficient to make sure that they are renewed before they expire. If you had said that a daily check is better because the plan is to significantly reduce the duration of letsencrypt certs, then I would understand, but like this?
This was an arbitrary decision to make sure that people would have a comfortable amount of time in which to respond to possible renewal failures, taking into account that people may be on holiday, may have taken over a job or responsibility from someone else, may require other people’s help to complete the renewal process, etc. We often get people asking here about certificates that are only a short time away from expiry, which is unfortunate because it increases everyone’s stress level unnecessarily. If the default renewal interval were higher, we would probably be getting even more questions from people who are in this situation.
You can change this interval with a setting called
/etc/letsencrypt/cli.ini if you think it’s too long.