Short expiration times for testing with pebble

I’d like to test my certbot-driven renewal which has a somewhat complicated custom hook. So I was thinking I’d run it against pebble, and have pebble issue certs with very short expiration times (like a few minutes to hours) so I can test what happens when the cert has expired, or is about to expire, and whether my hook behaves.

So I was expecting some pebble config parameter somewhere that lets me set the expiration time for issued certs, but can’t find one. Help?

1 Like

It is hard-coded.

You can try modify the source code in that place, or you can try run Boulder where that setting is configurable in test/config/ca-{a,b}.json.

2 Likes

You could also edit the renewal configuration file and change the renew_before_expiry value to something large. For example, if you set it to 100 days, the certificate will renew immediately when you run certbot renew (because it then renews when the certificate will expire in less than 100 days, which is always true for every Let’s Encrypt certificate).

3 Likes

:wave: Hi @jernst, welcome to the community forum.

I filed a Pebble issue to capture this expectation/feature request. I think it’s a fair request and while @schoen and @_az’s workarounds will help you today it should be supported by Pebble long-term.

Thanks for posting!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.