Renewal / Revoke

[joachimcarrein]

The certificates I got are currently 3 months valid. So I tried to find how to do renewals, but didn't find how to do this. I guess the only was is to create a new identifier with a new alias?

Same thing if I would want to revoke the certificate.

Would there be a way to increase the validity?

[ebekker]

Revokes and renewals are not implemented yet, but yes that will be included.

Validity is mostly controlled by LE at this point, they've said they plan on issuing 90-day certs and recommend everyone renews at 60 days. This is regardless of what the requested lifetime of the cert is.

I hope to have renewals in place within that time, working on some infrastructure changes now that will make adding this easier.

[joachimcarrein]

Great,
Thanks for the feedback

[nbevans]

Are renewals implemented yet? Also will the challenge need to be updated on the DNS/HTTP during a renewal? Thanks

[ebekker]

No renewals yet. All verified Identifiers have an explicit expiration date when they will need to be re-Challenged and verified. I believe the verification lasts a year or so, and certs are issued for 90 days, so the first few renewals will not necessarily need to be re-verified, but eventually, yes they will need to be updated.

[hmatt843]

ebekker, I'm using Windows Server 2012 R2 and IIS. I used ACMESharp to get a LetsEncrypt certificate for my site, and it worked great, but now I need to revoke it. Is the only way to revoke it really to install Linux on the machine? What are my options? Please help.

[tschmit]

any update according renewal ?
thank you for all

[oekarlsson]

I have started an implementation of support for Let's Encrypt certificates in the MSPControl control panel (http://www.mspcontrol.org) using the ACMESharp Powershell modules. It's working, but we eventually need renew for this to be complete. What is the current status of plans for renew support in the Powershell modules?

[skfd]

What is the current workaround for renewal?

[ebekker]

You can simply request a new certificate using the same DNS name as before. If your Identifer (DNS name) has been previously Challenge-approved in less than 12mos (which of course is true for everyone since the LE project is not that old yet), then you don't even have to complete the Challenge again, simply make another cert request for the same domain.

LE will happily issue multiple certs for the same domain name over and over again. Once you get the new cert, you simply replace your old one with the new one in your software (i.e. IIS or whatever you're installing it into).

[colinramsay]

This was incorrect, at least in the beta. There's a rate limit on the number of times you can do this. Either way, it doesn't solve revocation.

On 20 Apr 2016, at 21:42, Eugene Bekker notifications@github.com wrote:

You can simply request a new certificate using the same DNS name as before. If your Identifer (DNS name) has been previously Challenge-approved in less than 12mos (which of course is true for everyone since the LE project is not that old yet), then you don't even have to complete the Challenge again, simply make another cert request for the same domain.

LE will happily issue multiple certs for the same domain name over and over again. Once you get the new cert, you simply replace your old one with the new one in your software (i.e. IIS or whatever you're installing it into).

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub