Letsencrypt certificate renewals

Richard_Stupek1 · October 4, 2022, 8:54pm

1. Output of `caddy version`:

v2.6.1 h1:EDqo59TyYWhXQnfde93Mmv4FJfYe00dO60zMiEt+pzo=

2. How I run Caddy:

a. System environment:

amazon linux 2

b. Command:

caddy run --config caddyfile.json

d. My complete Caddy config:

3. The problem I’m having:

I wanted to find out how to insert some variability in the renewal of domain certificates. If I have 200 certificates that will need to be renewed in a small amount of time, is there a way to throw some randomness on when caddy begins trying to renew them?

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

matt · October 4, 2022, 9:27pm

Not currently. If a renewal fails, Caddy will simply back off and retry.

Edit: However, you can set the renewal_window_ratio parameter:

But this will not really “throw some randomness” on it, unless you randomize that ratio I guess?

francislavoie · October 5, 2022, 1:21am

Also FWIW, 200 is not that many.

Some users of Caddy manage tens of thousands of certificates.

You won’t hit any rate limits with 200; Caddy has its own internal rate limit and has a bunch of fallback mechanisms in case issuance attempts fail.

system · November 3, 2022, 8:55pm

This topic was automatically closed after 30 days. New replies are no longer allowed.