Renewal within 10 days

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:molenster.nl

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Hi @molenster,

Do you mean that you would like Let’s Encrypt software to renew certificates every 10 days?

This feels like a waste of resources to me because that is only 11% of the certificate’s validity period!

Many existing clients let you renew certificates whenever you want (as long as you don’t violate the Let’s Encrypt issuance rate limits). In Certbot, you can set the renew_before_expiry value in the renewal configuration file to a period of time and then certbot renew will attempt renewals if the certificate is going to expire in less than the specified amount of time.

For example,

renew_before_expiry = 80 days

would cause certbot renew to attempt to renew any certificate that expires in less than 80 days, hence any certificate that was issued more than 10 days ago.

Hello Seth,

Thank you for your response.

But no that was not what I ment ask but I got stuck in descrbing my problem.

It is that I have to renew before feb. 22 and within 10 days before that date.

Problem is that I will not be at home in the given period so I can not renew my certificate according to these terms.

I’m using the certificate with my Qnap NAS and the only action that I can perform on an existing certificate is ‘renewal of the certificate’ or replace it.

Now I don’t know what to do. I don’t know what Cerbot is and if it is there how to access it in my NAS.

m.vr.gr. Joop van der Star, molenster@gmail.com, molenster@hetnet.nl

Can you renew it now?

It’s recommended to automatically renew certificates about 30 days before they expire.

No, The message is “certificates can only be renewed within 10 days before expiring.

m.vr.gr. Joop van der Star, molenster@gmail.com, molenster@hetnet.nl

Oh, I see. Sorry for the misunderstanding. What software are you using? It sounds like an unreasonable limitation in that software.

For example, in Certbot you can specify certbot renew --force-renewal at any time in order to force renewal immediately. And Let’s Encrypt’s recommendations is to renew all certificates 30 days (rather than 10 days) before they are due to expire, precisely because of phenomena like people being away on vacation.

Probably only the developer of the Certbot client software that you use can fix this, if you have to use that particular software, but I believe that the behavior is inappropriate.

If the software lets you import externally-generated certificates, you could also for example use an interface like https://www.zerossl.com/ (a third-party web interface to Let’s Encrypt’s services) in order to get the new certificate and then try to import it. I don’t know how that would affect the software’s ability to perform renewals in the future.

1 Like

Thank you,
The whole Qnap system is protected so I can not change any renewal parameter for the certificate. I will try and get into contact with the Qnap office here in The Netherlands.
I will let you know if and what comes out of it.

1 Like

You might also want to ask QNAP why certificate renewal requires manual action. It shouldn’t matter if you go on vacation because QNAP should be able to automatically renew your certificate without any action from you, as many other Let’s Encrypt clients do.

In fact, I’ve noticed most of my certificate renewals happen while I’m sleeping. :sleeping::smirk:

That being said, it appears you do not access your QNAP system remotely from away, or you’d be able to renew it from afar? If nobody will be using your QNAP system while you’re away, it isn’t a big deal if you let the certificate expire, as you can still get a new one after it expires (unless QNAP has a bug with this too). The only annoyance would be having to bypass the certificate expired warning once to get into the QNAP admin to renew the certificate when you get back.

Thank you for your response,

I did send a request for help to the Dutch helpdesk of Qnap.

I also tried to remotely get into my Qnap from my Android phone.

That works by using an internet browser but due to the sceensize/resolution of my phone I can not get to the right position on the screen in order to perform the correct action.

Next to that I’m a bit hesitant to logon as admin into my Qnap from abroad.

Thank you anyhowe.

m.vr.gr. Joop van der Star, molenster@gmail.com, molenster@hetnet.nl

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.