Automatic renewal #26

New Issue

Closed

opened 2018-12-06 15:00:58 +00:00 by Ghost · 3 comments

Ghost commented 2018-12-06 15:00:58 +00:00

Copy Link

Hi, well done 👍

How automatic renewal works? Does it kind of a cron job?

Or should I call the register method every month to ensure my certificates renewed?

Hi, well done :+1: How automatic renewal works? Does it kind of a cron job? Or should I call the `register` method every month to ensure my certificates renewed?

coolaj86 commented 2018-12-06 17:12:10 +00:00

Owner

Copy Link

Each certificate has an expiry time listed on the certificate which is cached and checked on each new tls session request.

When the certificate is less than 15 days from expiring, register is automatically called (with a random jitter to prevent simultaneous renewal on high-traffic sites).

There’s nothing that you have to do. :)

Each certificate has an expiry time listed on the certificate which is cached and checked on each new tls session request. When the certificate is less than 15 days from expiring, register is automatically called (with a random jitter to prevent simultaneous renewal on high-traffic sites). There’s nothing that you have to do. :)

Ghost commented 2018-12-06 18:01:47 +00:00

Author

Copy Link

Thank you for your quick response.

So it means if there is no traffic for more than 90 days, they will be expired. Am I right?

And I don't use the default middleware. Instead, I've got my own SNICallback. I think in this use-case, the renewal process won't work.

Thank you for your quick response. So it means if there is no traffic for more than 90 days, they will be expired. Am I right? And I don't use the default middleware. Instead, I've got my own SNICallback. I think in this use-case, the renewal process won't work.

coolaj86 commented 2018-12-06 23:45:37 +00:00

Owner

Copy Link

That's correct. This was built assuming a public-facing webserver with daily traffic. However, if I recall correctly, it will wait until the certificate has renewed until responding to the request if the cert is expired.

What's your use case?

Dipping down into the SNICallback is certainly valid, but there may be a way to do what you need to do and still take advantage of the built-in niceties (maybe by calling greenlock's SNICallback after you do what you need to do).

That's correct. This was built assuming a public-facing webserver with daily traffic. However, if I recall correctly, it will wait until the certificate has renewed until responding to the request if the cert is expired. What's your use case? Dipping down into the SNICallback is certainly valid, but there may be a way to do what you need to do and still take advantage of the built-in niceties (maybe by calling greenlock's SNICallback after you do what you need to do).

coolaj86 closed this issue 2019-02-05 05:14:07 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

github

next

v4

npm

v3

wip

dns-challenge-regression-fix

v2.4

v2.5

v2.3

v2

v2.2

acmev2

v2.1

greenlock

v1

node-letsencrypt-python

v4.0.5

v4.0.4

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.1.5

v3.1.4

v3.1.3

v3.0.25

v3.0.24

v3.0.23

v3.0.21

v3.0.20

v3.0.19

v3.0.18

v3.0.17

v3.0.16

v3.0.15

v3.0.12

v3.0.11

v3.0.10

v3.0.9

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v2.8.8

v2.8.7

v2.8.6

v2.8.5

v2.8.4

v2.8.3

v2.8.2

v2.8.1

v2.8.0

v2.7.23

v2.7.22

v2.7.21

v2.7.20

v2.7.19

v2.7.18

v2.7.17

v2.7.16

v2.7.15

v2.7.14

v2.7.13

v2.7.12

v2.7.11

v2.7.10

v2.7.9

v2.7.8

v2.7.7

v2.7.6

v2.7.5

v2.7.4

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.10

v2.6.9

v2.6.8

v2.6.7

v2.6.6

v2.6.5

v2.6.4

v2.6.3

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.10

v2.4.9

v2.4.8

v2.4.7

v2.4.2

v2.4.1

v2.4.0

v2.3.13

v2.3.12

v2.3.11

v2.3.10

v2.3.9

v2.3.8

v2.3.7

v2.3.6

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.20

v2.2.19

v2.2.18

v2.2.17

v2.2.16

v2.2.15

v2.2.14

v2.2.13

v2.2.12

v2.2.11

v2.2.10

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.0

v2.1.19

v2.1.18

v2.1.17

v2.1.16

v2.1.15

v2.1.14

v2.1.13

v2.1.12

v2.1.11

v2.1.10

v2.1.9

v2.1.7

v2.1.6

v2.1.5

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v1.5.8

v2.0.5

v2.0.4

v1.5.7

v1.5.6

v1.5.5

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.0

v1.2.0

v1.1.0

v1.0.2

v1.0.0

v1.0.1

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: coolaj86/greenlock.js-ARCHIVED#26

No description provided.