Period of validity of LE certificates

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
-/-
It produced this output:
-/-
My web server is (include version):
IIS-10
The operating system my web server runs on is (include version):
Windows MS 2016
My hosting provider, if applicable, is:
df.eu
I can login to a root shell on my machine (yes or no, or I don't know):
idk
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hello,
I am facing the problem that I need a certificate for my website abc.hypeinnovation.com that is valid for longer than 90 days. We only use wildcard certificates for our domain. The customer is using a WAF appliance and I cannot hand out the wildcard for the domain.

There is no need for automation etc. I just need a valid certificate for as long as possible.

I know it is mentioned in the FAQ, but my manager asked me to confirm that LE certificates are only valid for 90 days and that there is no extended variant of it.

Thank you

1 Like

The following statement is correct.

If you need to obtain a longer lived certificate, you must seek it elsewhere. If traffic will always pass through the WAF, you may be able to use a privately issued certificate such as the ones offered by the Cloudflare Origin CA. You will need to consult your WAF documentation to see what options may exist. Otherwise you can purchase a commercial wildcard certificate.

As long as you require a certificate lifetime longer than 90 days, Let's Encrypt has nothing for you.

6 Likes

There are other free CAs that offer longer certificates. Buypass Go offers free 180 days certificates through ACME, though I don't think they offer wildcards.

But in general, any setup of certificates that isn't automated (whether through ACME or some other CA's proprietary automation solution) is going to be more and more of a pain as the industry moves to shorter-lived certificates and it generally becomes the accepted way to do things. And using ACME but not automating it is really just making things hard on yourself.

5 Likes

Correct, you'd get an error:

Bad Request :: Wildcard not supported, but (...) requested

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.