Certificate renewal with on-demand technology

We’re using Caddy on-demand technology with an enabled ask function for connecting custom user domains. We use Redis to store certificates and our valid domains for the “ask” function. It’s clear that we dynamically obtain a new certificate during the first TLS handshake when the domain is validated by the ask function. So with on-demand technology we could skip validation of the domain’s DNS setup. But we have a question about certificate expiration and renewal.
Do we need to validate the DNS setup when the certificate is expired, as renewals happen in the background? We did not find much information about the renewal process.

1 Like

Nope.

On-Demand TLS manages certificates “on-demand” instead of on a ticker in the background. In other words, certificate management for on-demand TLS is triggered by actual TLS connections, whereas regular cert management is triggered by a ticker that runs in the background.

In all cases, the actual cert obtain/renew ops happen in the background whenever possible so as not to be blocking. The difference is what triggers the maintenance.

2 Likes
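
An added example, not part of the thread and not Caddy's own code: a minimal `ask` endpoint of the kind the question describes. Caddy sends a GET request with a `domain` query parameter and proceeds with issuance only on a 2xx response. The in-memory map standing in for the Redis set, the `/ask` path, the listen address and the function names are assumptions.

```go
package main

import (
	"log"
	"net"
	"net/http"
	"strings"
)

// allowed stands in for the Redis set of validated customer domains
// (constructed sample data; the real store is an assumption).
var allowed = map[string]bool{
	"shop.customer-a.example": true,
	"www.customer-b.example":  true,
}

// normalize lowercases the name and drops a trailing dot. It returns ""
// for values that should never be approved (empty, IPs, wildcards).
func normalize(name string) string {
	name = strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".")
	if name == "" || len(name) > 253 || strings.ContainsAny(name, "*/ ") || net.ParseIP(name) != nil {
		return ""
	}
	return name
}

// askStatus maps a requested domain to the HTTP status the endpoint returns:
// 200 allows issuance, anything else makes Caddy refuse it.
func askStatus(domain string) int {
	name := normalize(domain)
	if name == "" {
		return http.StatusBadRequest
	}
	if !allowed[name] {
		return http.StatusForbidden
	}
	return http.StatusOK
}

// askHandler answers Caddy's GET /ask?domain=<name> request.
func askHandler(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(askStatus(r.URL.Query().Get("domain")))
}

func main() {
	http.HandleFunc("/ask", askHandler)
	// Bind to loopback so only the local Caddy instance can query it.
	log.Fatal(http.ListenAndServe("127.0.0.1:5555", nil))
}
```

Removing a domain from the allowlist when a customer disconnects it keeps the endpoint from approving that name on later requests.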
