My domain is:lmemcoin.xyz
Hi folks,
I am looking to locate the public facing link for the test cert issued for lmemcoin.xzy can you please help?
I don't know what you mean. Would you explain how you got your test cert?
And what do you mean by the public facing link for it?
4 Likes
Sorry mike, I did a typo, it was lmemecoin.xyz. Our IT guy left us and I read a post on this site earlier that there is ctn link (I think) to very cert that gets issued . It was a temporary cert. Can you help with that? Is there a link ot the cert issue info, not the cert itself of course, but the cert details.
Thanks
1 Like
I only see one valid cert for that name and it was issued by ZeroSSL not Let's Encrypt
You can download the cert itself but without its matching private key it won't be helpful
To become more familiar with automated certs you could start here
4 Likes
Thanks for this Mike. Very grateful.
2 Likes
...and just in case it isn't clear: all certs are temporary--they're valid for a limited period of time, and then become invalid. In the case of Let's Encrypt certs, they're valid for 90 days, which could very well seem temporary--I can't speak to ZeroSSL. But any cert you get from anyone will expire, so you'll need to have a system in place to renew it (i.e., replace it with one that expires later) before that time.
7 Likes
Thanks Dan. I am learning as I go, so everybody's input is appreciated.
3 Likes
NB:
Subscriber Certificates issued on or after 1 September 2020 SHOULD NOT have a Validity Period
greater than 397 days and MUST NOT have a Validity Period greater than 398 days [https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.0.pdf §6.3.2]
4 Likes
It seems odd that the difference between the recommended ("SHOULD NOT") and the mandatory ("MUST NOT") is only one day.
4 Likes
Very weird. 397/8 days is 13 months.
4 Likes
The standard maximum being 13 months is so that one can replace it every 12 months, and have a month of overlap in case of an issue with replacement. (Really the same reason that Let's Encrypt recommends replacing their 90-day certificates after 60 days.)
6 Likes
Does that mean that 10-day certs will need to be issued for 40 days?
LOL
4 Likes
No, just that 10-day certs will require much more confidence in one's automation, alerting, and recovery times. (Plus confidence in your CA's automation, alerting, and recovery times for problems on their end.)
5 Likes
The 397 recommendation here is really "Don't push right up to the edge of what's allowed. Leave an extra day in case you mess up date math" (Like Let's Encrypt's "90 days plus 1 second" incident!)
6 Likes
Leap years!
[365+1]+[31]=397
longest year + longest month
5 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.