Where is "near expiry" defined?

IOW, how far in advance of the certificate expiration date will “certbot renew” take action to renew a certificate?
Is this configurable?

@schoen - Do you know the answer to @flymikeG’s question?

Yep! It’s defined by the configuration variable renew_before_expiry in the renewal configuration file associated with that certificate, under /etc/letsencrypt/renewal. The file will have a commented-out line that, if uncommented, sets this variable to the default of 30 days. There’s a parser so that you can specify units of time in English.

If I remember correctly, you can also set a systemwide default by setting the same variable in /etc/letsencrypt/cli.ini, but it would be good to test this to be sure that it works as expected.

The Certbot code defines the default as 30 days when not otherwise specified by a configuration file. That code default is set in certbot/certbot/constants.py.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.