acmed is currently renewing certificates with a fixed offset from the expiry of the certificate. It's configurable, but defaults to 3 weeks. The recommendation from Let's Encrypt here is a third of the certificate lifetime, so that means 30 days before expiry. The default should therefore probably be changed here.
Another thing to do about scheduling renewals, to help ACME providers with load spikes, is adding some randomization to the renewal time. Let's Encrypt suggests to space out certificate renewals by renewing some certificates a few days early. This is difficult to implement with the current architecture, but should be nearly trivial to implement once the async rewrite is done.
Splitting this out of #71.
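The scheduling rule described in this issue (renew at one third of the certificate lifetime before expiry, with some certificates moved a little earlier to spread load) can be sketched as follows. This is an added example, not acmed code: the function names, the 3-day jitter window and the cap of the jitter at half the lead time are assumptions, and a per-certificate FNV-1a hash stands in for a random number generator so the schedule stays stable across restarts.

```rust
// Added example (not acmed's code): renewal due time = expiry - lifetime/3 - jitter.
const DAY: u64 = 86_400;

/// FNV-1a (64-bit): spreads certificate names over the jitter window
/// without an RNG crate; the same name always yields the same offset.
fn fnv1a(data: &[u8]) -> u64 {
    data.iter().fold(0xcbf2_9ce4_8422_2325u64, |h, b| {
        (h ^ u64::from(*b)).wrapping_mul(0x0000_0100_0000_01b3)
    })
}

/// Lead time before expiry: one third of the validity period (Unix seconds).
fn lead_time(not_before: u64, not_after: u64) -> u64 {
    not_after.saturating_sub(not_before) / 3
}

/// Unix time at which renewal becomes due. Jitter only moves the renewal
/// earlier, never later, so the one-third margin is always kept.
fn renew_at(cert_name: &str, not_before: u64, not_after: u64, max_jitter: u64) -> u64 {
    let lead = lead_time(not_before, not_after);
    // Assumption: cap the window at half the lead time so short-lived
    // certificates are not renewed right after issuance.
    let window = max_jitter.min(lead / 2);
    let jitter = fnv1a(cert_name.as_bytes()) % (window + 1);
    not_after.saturating_sub(lead + jitter).max(not_before)
}

/// True once `now` has reached the scheduled renewal time.
fn is_due(now: u64, cert_name: &str, not_before: u64, not_after: u64, max_jitter: u64) -> bool {
    now >= renew_at(cert_name, not_before, not_after, max_jitter)
}

fn main() {
    // Constructed sample: three 90-day certificates issued at the same instant.
    let (nb, na) = (1_700_000_000u64, 1_700_000_000u64 + 90 * DAY);
    for name in ["a.example.org", "b.example.org", "c.example.org"] {
        let t = renew_at(name, nb, na, 3 * DAY);
        println!("{}: renew {} s before expiry, due now: {}", name, na - t, is_due(nb, name, nb, na, 3 * DAY));
    }
}
```

With a zero jitter window the result is exactly the one-third rule, which for a 90-day certificate is 30 days before expiry.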