[buug] letsencrypt
Ian Zimmerman
itz at primate.net
Mon May 8 14:46:28 PDT 2017
On 2017-05-07 21:53, Michael Paoli wrote:
> Well, I seem to recall (which may *not* be fully accurate)
> ... that the default behavior is renewal attempts start at 30 days
> before expiration, and continue daily thereafter until successfully
> renewed/replaced. I'm fairly sure that information is in the
> various documentation/FAQ(s) or the like - at least that's where I
> seem to recall having read it before.
Re-reading certbot.eff.org, it does indeed say "distant future" is
defined as 30 days. My bad for missing it the first time.
Given that, I think I'm comfortable with a daily cronjob. It would be
_really_ unlucky for letsencrypt DNS to be fscked 30 consecutive days.
Thanks for the ideas, I'll add them to the "when bored" list :-)
--
Please *no* private Cc: on mailing lists and newsgroups
Personal signed mail: please _encrypt_ and sign
Don't clear-text sign:
http://primate.net/~itz/blog/the-problem-with-gpg-signatures.html
More information about the buug
mailing list