Reducing the auto-renewal interval

Help
1

Hello all,

I am testing out certbot & LetsEncrypt and I wanted to reduce the renewal time from 60/90 days to something much smaller so I can see changes sooner.

Is there a way, for example, to set the auto-renewal to kick in when there 88 days remaining?

Apologies if I've overlooked this somewhere obvious and thanks in advance for any help!

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: letest.condenast.co.uk

I ran this command:

It produced this output:

My web server is (include version): nginx/1.25.3 (nginx-plus-r31-p1)

The operating system my web server runs on is (include version): Ubuntu 20.04.6 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 3.0.1

2

You should not use the production system to test. You can easily end up hitting rate limits.

This would use the staging system to test. It will not affect your production certs

sudo certbot renew --dry-run

Is there some other command you need to test? Sometimes clever techniques are needed.

3 Likes
3

Such as? What are you actually attempting/doing?

1 Like
4

Hello,

I wanted to see a couple of things.

First, how certificates of different ages renew (as each one ages or all at once).
Second, watching renewals run for a few reps without any manual intervention.

5

I don't understand how this would be interesting/relevant? Or perhaps I don't understand.

The --dry-run option as earlier mentioned should be fine for that.

6

Certbot looks at all its certs and renews each one as needed. Usually this is 30 days before expiration. It will also renew if it was revoked.

Use this to see all its certs

sudo certbot certificates

An automated renew should have been installed on your system when installing Certbot. You probably have a systemd timer but see here: User Guide — Certbot 3.1.0.dev0 documentation

You might also consider setting up a "health check" from the public internet. There are many sites and services for this. Or build your own. This could ensure your server is reachable and is using a current cert.

2 Likes