When does a renewed certificate expire? 90 days from renewal date or from original expiration date?


#1

When a previously issued certificate is due for renewal and subsequently renewed, when does the renewed certificate expire?

For example, domain.com’s original certificate expires 90 days from the date it was first issued. 60 days later, the renewal cron sees that it will expire in 30 days, so it renews it.

Does the new certificate expire 90 days from the renewal date, or does it add 90 days to the original certificates expiration date (effectively adding 60 days since it was renewed 30 days prior to the original expiration date)?

TIA.


#2

Hi @bryanus

this

Does the new certificate expire 90 days from the renewal date

is correct. A certificate is immutable, so the first certificate has the same conditions as the second, third … certificate.

“Renew” is only something on the client side, it doesn’t affect the properties of the certificate.

So you can renew a new certificate after 30 days -> you will need 12 new certificates per year.
Or you renew your certificates after 89 days -> you need ~~ 4 certificates per year.


#3

Hi @JuergenAuer! Thanks for your reply.

I got a little confused by your ‘this’ in the reply. So to be perfectly clear, the renewal certificate’s expiration is based on the date of the renewal, so:

If my certificate was renewed today, it would expire in 90 days, regardless of the original certificate’s expiration date?

So if I check to renew at 30 days to expiration, I would effectively renew ~6 times a year, i.e. every 60 days, correct?

Thanks!


#4

[quote=“bryanus, post:3, topic:66509”]
If my certificate was renewed today , it would expire in 90 days, regardless of the original certificate’s expiration date?[/quote]

Yes. Your new certificate doesn’t know something about your first certificate.

Yes. Certbot normally renews after 60 days. You can use it. Or you see there are no errors -> 85 days. Or you want always a new certificate -> 30 days.


#5

Thanks for the clarification!


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.