Hello, is it possible to request for instance in ingress certificate with short validation period like 5 days and renew 2 days before expiry date? I would like to test autorenewal before adoption to prod. Thank you
2 Likes
I'm afraid it's not possible to requests certificates from Let's Encrypt with a different certificate lifetime than the current 90 days.
In the future it might be possible to request short-lived certificates, but that's something currently not possible also.
1 Like
Welcome to the Let's Encrypt Community, @kbcz! 
Just set renewBefore to be something like 89 days (to test renewal in one day). It can be set in hours to be even more efficient for testing.
Note:
cert-manager will default to a
durationof 90 days with arenewBeforeof 30 days. IfrenewBeforeis not set and the duration of the signed certificate is shorter or equal to 30 days, therenewBeforetime will be set to 2/3 of the signed certificate validity duration. When settingdurationit is recommended to also setrenewBefore, ifrenewBeforeis longer thandurationyou will receive an error.
5 Likes
Google Trusts Services support limited lifetime certs if you want to try it with them.
In general though, if you get a certificate using one method and then don't change anything (especially firewall rules or network config) then renewals will work exactly the same as the original order.
6 Likes
Nice, this is working exactly as expected. Thank you!
4 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.