Subject: Re: 6-day TLS certificates from Let's Encrypt
From: * (at) *nospam* eli.users.panix.com (Eli the Bearded)
Newsgroups: comp.misc
Date: 15. Dec 2024, 04:11:40
Other headers
Organization: Some absurd concept
Message-ID: <eli$2412142206@qaz.wtf>
References: 1 2 3 4
User-Agent: Vectrex rn 2.1 (beta)

In comp.misc, Theo <theom+news@chiark.greenend.org.uk> wrote:
> It sounds quite handy to me. One of the problems with Let's Encrypt is that
> you set up your server, you get a LE certificate, you set up a cron job for
> renewal. And then 90 days later you find out that your cron job didn't work
> for $reasons and the cert expired. Making this timeout 6 days means that
> you find this bug much quicker - if it's still working after a couple of
> weeks then things are good.

When I have problems, I get mail from Let's Encrypt saying things like
"your cert is expiring in two weeks, did you know that?". That's why you
give them an email address during setup.

In my case, it's usually not because there is an issue with cron, but
because I have N names in one cert and I deleted the DNS record for one
of those and didn't update the LE config. They, quite rightly, don't
like to give out certs for names that don't resolve.

Elijah
------
sometimes uses wildcard certs