Switch to a default renew_delay of 30d

This is in line with the recommendations of the Let's Encrypt integration guide, and the default most other clients implement as well.
breard-r · Apr 7, 2023 · d3b0804 · d3b0804
1 parent 9cd07e8
commit d3b0804
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/acmed/src/main.rs b/acmed/src/main.rs
@@ -38,7 +38,7 @@ pub const DEFAULT_CSR_DIGEST: HashFunction = HashFunction::Sha256;
 pub const DEFAULT_CERT_KEY_TYPE: KeyType = KeyType::Rsa2048;
 pub const DEFAULT_CERT_FILE_MODE: u32 = 0o644;
 pub const DEFAULT_CERT_RANDOM_EARLY_RENEW: u64 = 0; // default to not renewing early
-pub const DEFAULT_CERT_RENEW_DELAY: u64 = 1_814_400; // 1_814_400 is 3 weeks (3 * 7 * 24 * 60 * 60)
+pub const DEFAULT_CERT_RENEW_DELAY: u64 = 30 * 7 * 24 * 60 * 60; // 30 days
 pub const DEFAULT_PK_FILE_MODE: u32 = 0o600;
 pub const DEFAULT_ACCOUNT_FILE_MODE: u32 = 0o600;
 pub const DEFAULT_KP_REUSE: bool = false;

diff --git a/man/en/acmed.toml.5 b/man/en/acmed.toml.5
@@ -315,7 +315,7 @@ section. Default is 30d.
 .It Cm renew_delay Ar string
 Period of time between the certificate renewal and its expiration date. The format is described in the
 .Sx TIME PERIODS
-section. Default is 3w.
+section. Default is 30d.
 .It Cm root_certificates Ar array
 Array containing the path to root certificates that should be added to the trust store.
 .El