coolaj86/greenlock.js-ARCHIVED
3
3
Fork 0
Code Issues 6 Pull Requests 1 Releases Activity

Automatic renewal #26

New Issue
Closed
opened 2018-12-06 15:00:58 +00:00 by Ghost · 3 comments
Ghost commented 2018-12-06 15:00:58 +00:00
Copy Link

Hi, well done 👍

How automatic renewal works? Does it kind of a cron job?

Or should I call the register method every month to ensure my certificates renewed?

Hi, well done :+1: How automatic renewal works? Does it kind of a cron job? Or should I call the `register` method every month to ensure my certificates renewed?
coolaj86 commented 2018-12-06 17:12:10 +00:00
Owner
Copy Link

Each certificate has an expiry time listed on the certificate which is cached and checked on each new tls session request.

When the certificate is less than 15 days from expiring, register is automatically called (with a random jitter to prevent simultaneous renewal on high-traffic sites).

There’s nothing that you have to do. :)

Each certificate has an expiry time listed on the certificate which is cached and checked on each new tls session request. When the certificate is less than 15 days from expiring, register is automatically called (with a random jitter to prevent simultaneous renewal on high-traffic sites). There’s nothing that you have to do. :)
Ghost commented 2018-12-06 18:01:47 +00:00
Author
Copy Link

Thank you for your quick response.

So it means if there is no traffic for more than 90 days, they will be expired. Am I right?

And I don't use the default middleware. Instead, I've got my own SNICallback. I think in this use-case, the renewal process won't work.

Thank you for your quick response. So it means if there is no traffic for more than 90 days, they will be expired. Am I right? And I don't use the default middleware. Instead, I've got my own SNICallback. I think in this use-case, the renewal process won't work.
coolaj86 commented 2018-12-06 23:45:37 +00:00
Owner
Copy Link

That's correct. This was built assuming a public-facing webserver with daily traffic. However, if I recall correctly, it will wait until the certificate has renewed until responding to the request if the cert is expired.

What's your use case?

Dipping down into the SNICallback is certainly valid, but there may be a way to do what you need to do and still take advantage of the built-in niceties (maybe by calling greenlock's SNICallback after you do what you need to do).

That's correct. This was built assuming a public-facing webserver with daily traffic. However, if I recall correctly, it will wait until the certificate has renewed until responding to the request if the cert is expired. What's your use case? Dipping down into the SNICallback is certainly valid, but there may be a way to do what you need to do and still take advantage of the built-in niceties (maybe by calling greenlock's SNICallback after you do what you need to do).
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
jshaver coolaj86
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: coolaj86/greenlock.js-ARCHIVED#26
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?