Renew Lets Encrypt SSL *before* 30 days

marcusquinn

• https://docs.cloudron.io/certificates/#automatic-renewal
• https://mxtoolbox.com/problem/https/HTTPS-Certificate-Expiration

Perhaps 45 days is safer for email deliverability continuity please?

girish

@marcusquinn Mmm, not sure what the mxtoolbox link says but what Cloudron does is aligned with https://letsencrypt.org/docs/integration-guide/#when-to-renew . The LE code is almost 3 years old now but when we initially wrote it, you couldn't even renew the cert earlier than 30 days. Not sure how things are now.

marcusquinn

@girish Odd, I seem to have a couple that are expiring 12th Jan.

marcusquinn

Yes, I've clicked to Renew All

girish

@marcusquinn If you click on renew all and then click the logs button, it should tell you whether it's trying to renew (or not). But yeah, I am not sure why it hasn't tried to renew this one yet.

marcusquinn

@girish Just thinking, maybe because we have so many domains it's rate-limits. You had anyone hit that before?

girish

@marcusquinn It's definitely possible to hit some rate limit. Rate limits are hit mostly per domain though and the per account limits are quite high - https://letsencrypt.org/docs/rate-limits/ . So having a lot of domains, even 1000s is not a problem.

marcusquinn

@girish OK, cool, will give it a few days and maybe it'll solve itself

jdaviescoates

@marcusquinn is it a wildcard domain that is (nearly) expiring?

I occasionally get warnings about my certificates being about to expire (e.g. in 20 days), but only on the one domain I've still got on a wildcard instead of using Gandi API key.

So far I think it's always auto renewed in time...but still ever so slightly concerning to get those emails.

marcusquinn

@jdaviescoates nope, just regular domains, not sure why but will just wait and see I guess