I’d like to test my certbot-driven renewal which has a somewhat complicated custom hook. So I was thinking I’d run it against pebble, and have pebble issue certs with very short expiration times (like a few minutes to hours) so I can test what happens when the cert has expired, or is about to expire, and whether my hook behaves.
So I was expecting some pebble config parameter somewhere that lets me set the expiration time for issued certs, but can’t find one. Help?
It is hard-coded.
You can try modify the source code in that place, or you can try run Boulder where that setting is configurable in test/config/ca-{a,b}.json.
You could also edit the renewal configuration file and change the renew_before_expiry value to something large. For example, if you set it to 100 days, the certificate will renew immediately when you run certbot renew (because it then renews when the certificate will expire in less than 100 days, which is always true for every Let’s Encrypt certificate).
Hi @jernst, welcome to the community forum.
I filed a Pebble issue to capture this expectation/feature request. I think it’s a fair request and while @schoen and @_az’s workarounds will help you today it should be supported by Pebble long-term.
Thanks for posting!