Scheduling cert renewal

Help
1

certbot 5.6.0 ubuntu 22.04

Somehow I messed the certificate timeline a bit:

In the past I had certbot running and periodically it updated the cert files in /etc/letsencrypt/archive/mydomain.de. Besides the apache2 webserver, which received he files by the symbolic link mechanism between the live and the archive directories, I was running a mail server (CommuniGate). This server received its certs by loading them manually every three months through its GUI.

Recently I finally managed to feed the certs to the CG-Server by a CLI script.
The last cert was valid up to June, 10th, 2026. certbot doesn't know of that date, since it has proceeded meanwhile in its "one month before expiration"-schedule. Through my recently enforced renewal I caused the cert to expire on Aug, 22nd. That would mean, that cerbot would renew on around Jul, 24th.

Can I tweak certbot in such a way, that it generates a certificate valid up to a date of July 10th
and then starts the generation of the "one month before expiration"-schedule on June 10th? Yes, it may sound awkward, but I would not like to wait until July just to test whether my automated (deploy-hook) works.

4

Eventually certs (industry-wide) are going to get shorter lifetimes by default, e.g. 47 days, so the 1-month before renewal approach is better expressed as a % lifetime, e.g. renewing at 75%. For instance you can already request certs that are only valid for 7 days, so you can see that working in days makes less sense depending on cert lifetime.

I would recommend configuring a post-renewal hook to deploy your certificate via your command line script, so that it doesn't matter when it renews, it just does it.