Revocation after request or renewal


#1

I read in https://letsencrypt.org/how-it-works/ that Lent’s Encrypt “publishes revocation information into the normal revocation channels (i.e. OCSP), so that relying parties such as browsers can know that they shouldn’t accept the revoked certificate.”

If a certificate is renewed, the old certificate is revoked, correct?
How long is the old certificate still valid?
Is there a statement about this policy?


#2

Hi @marcoc610

that’s wrong.

Create one certificate, then it’s 90 days valide. Then use it 60 - 85 days, then create the next. But if something doesn’t work, you can use the old certificate.

Revocation isn’t required, the certificate expires after 90 days, then it’s dead.

Revocation is only required if your private key is stolen.


closed #3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.