Using older certificate after auto renew issued a replacement


#1

Hi there,

What happens when a Let’s Encrypt certificate is renewed in the day 60-90 window, when the old certificate is still before its expiry date?

I’m looking to run a script that retrieves the issued certificate from our server and updates it on third party services, but if the certificate has been renewed before my script runs, is the old certificate invalidated?

Example:

letsencrypttest.com has an SSL cert issued on 1 Jan 2018, with an expiry of 1 April 2018. My script retrieves that certificate and deploys it to the third party services.

The server hosting letsencrypttest.com automatically renews the certificate on day 62 (4 March 2018), but my script to take the renewed certificate and copy that to the third party services doesn’t run for another few days after that.

Will the third party services that use that SSL report that it is valid? Or would we get an invalid certificate error immediately after the renewal of the certificate?

Thanks.


#2

That would still remain valid until you revoke it / the certificate expires.

That would still remain valid… Like most certificates…
(For example, Comodo doesn’t necessarily revoke the previous positive ssl when you request a replacement …)

Thank you


#3

Thank you so much for confirming.


#4

Revoking is also only necessary when the private key might be compromised, thus services revoking certificates only because of renewal would be taking a superfluous step.
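The situation discussed in this thread, as an added example that is not part of any post: a check a sync script could run to tell whether the copy on a third-party service is the current certificate, an older one still inside its own validity period, or one about to expire. The file names, the thresholds and the self-signed sample certificates are constructed for the demo; revocation status is not checked.

```shell
#!/bin/sh
# Added example: decide whether a third-party copy of a certificate needs replacing.
# File names and the sample certificates below are constructed for this demo.

# SHA-256 fingerprint of a PEM certificate (identifies the exact certificate).
cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# sync_status DEPLOYED CURRENT [MIN_SECONDS_LEFT]
# Prints one of: current | stale-valid | stale-urgent
sync_status() {
  ss_deployed=$1; ss_current=$2; ss_min_left=${3:-604800}   # default: 7 days
  if [ "$(cert_fp "$ss_deployed")" = "$(cert_fp "$ss_current")" ]; then
    echo current
    return 0
  fi
  # -checkend N exits 0 if the certificate is still valid N seconds from now.
  if openssl x509 -in "$ss_deployed" -noout -checkend "$ss_min_left" >/dev/null; then
    echo stale-valid    # renewed elsewhere; old copy still within its own validity
  else
    echo stale-urgent   # old copy expires (or has expired) within the threshold
  fi
}

# Constructed sample data: self-signed stand-ins for the old and renewed certificate.
demo_dir=$(mktemp -d)
make_cert() {  # make_cert NAME DAYS_VALID
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
    -subj "/CN=letsencrypttest.com" \
    -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.pem" 2>/dev/null
}
make_cert old 28       # stands in for the certificate with 28 days left
make_cert renewed 90   # stands in for the replacement from auto-renewal

echo "old copy, 7-day threshold:  $(sync_status "$demo_dir/old.pem" "$demo_dir/renewed.pem")"
echo "renewed copy deployed:      $(sync_status "$demo_dir/renewed.pem" "$demo_dir/renewed.pem")"
echo "old copy, 30-day threshold: $(sync_status "$demo_dir/old.pem" "$demo_dir/renewed.pem" 2592000)"
```

A `stale-valid` result means the third-party service keeps presenting a working certificate while the sync catches up; `stale-urgent` is the case worth alerting on.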

