Do certmagic renewals happen automatically?

Hi, I’m using certmagic as a library to create and renew certificates for a large number of domains. The traffic to the domains does not go through the application I’m developing, except when accessing the HTTP challenges to issue the certs.

Will certmagic automatically renew these certificates on a regular basis even when no traffic is being forwarded through it?

Yes, they’re automatically renewed.

For specifics, when NewCache() is called (which is done in NewDefault() when setting up the config), a goroutine is started with go c.maintainAssets(0) which will use a ticker that will check (every 10 minutes by default) if any of the managed certificates are in the renewal window (i.e. 1/3 of their lifetime remaining, so for 90 day certs, this means that they have 30 days before expiring), and if so, will attempt to renew them in the background.

The code is pretty easy to read and is well commented, so you can give it a dive to see how all works :+1:

1 Like

Thanks for the deep explanation!

1 Like

This topic was automatically closed after 60 days. New replies are no longer allowed.