Certificate renewal

1. The problem I’m having:

I’m trying to find the information on certificate renewal process, to be precise, when will the certificate gets auto-renewed, how long before the expiry?

Here how my CaddyFile looks for tls config
xx.yyy.com
tls {
issuer acme
on_demand
}

2. Error messages and/or full log output:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

3. Caddy version: v2.7.5 h1:HoysvZkLcN2xJExEepaFHK92Qgs7xAiCFydN5x5Hs6Q=

4. How I installed and ran Caddy:

a. System environment:

b. Command:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

c. Service/unit/compose file:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

d. My complete Caddy config:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

5. Links to relevant resources:

This is configurable here:

As a general and conservative rule, it is a good idea to renew a certificate when it has about 1/3 of its total lifetime remaining. This utilizes the majority of the certificate’s lifetime while still saving time to troubleshoot problems. However, for extremely short-lived certs, you may wish to increase the ratio to ~1/2.

(The “good idea” is also Caddy’s default.)

Certificates issued by Let’s Encrypt and ZeroSSL have a 90-day lifetime.

Caddy starts renewing certs when they’re 2/3 through their lifetime, so after 60 days it’ll start trying to renew (if it fails, it’ll continue to retry until it succeeds).

thank you guys for sharing the information.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.