It sounds like your problem is actually not having good reporting around renewals failing (as said above, renewal should be happening well before expiration), which is really unrelated to the length of the certificates. It's something that I am kind of surprised most ACME clients don't seem to handle better; as a lot will just keep on failing over and over (leading to issues like 80% of HTTP-01 challenges failing), and just logging each time somewhere but to a place that nobody seems to be reading.
3 Likes