You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently certificates are renewed if they have less than a week before they expire. This is reasonable, but hard coded, and some people may wish to adjust that. In my case I'd like to match other ACME tool configurations on other system that are set for 10 days before expiry.
I propose adding an --renewal-margin-in-days argument for this setting. It will have a default value of 7. Values less that 1 will be treated as 1. Values greater that 89 will log a warning that this might be longer than the certificate lifetime; just a warning because Let's Encrypt or another ACME provider could ofer a different period or change their policy.
// If certificate expires in more than a week, don't renew
if parsedCert.NotAfter.After(time.Now().Add(time.Hour * 24 * 7)) {
return false, nil
}
log.Printf("[%v] Expiry for cert is in less than a week (%v), attempting renewal", cert.Spec.Domain, parsedCert.NotAfter.String())
The text was updated successfully, but these errors were encountered:
Currently certificates are renewed if they have less than a week before they expire. This is reasonable, but hard coded, and some people may wish to adjust that. In my case I'd like to match other ACME tool configurations on other system that are set for 10 days before expiry.
I propose adding an
--renewal-margin-in-days
argument for this setting. It will have a default value of 7. Values less that 1 will be treated as 1. Values greater that 89 will log a warning that this might be longer than the certificate lifetime; just a warning because Let's Encrypt or another ACME provider could ofer a different period or change their policy.https://github.com/whereisaaron/kube-cert-manager/blob/master/processor.go#L337-L342
The text was updated successfully, but these errors were encountered: