What is the expiration time threshold below which LetsEncrypt certificates will auto-renew?

Question

I have a few domains on some server, all certified by LetsEncrypt certificates. The certificate is due to expire in 11 days, on July 9th.

However, when I try to renew using /opt/letsencrypt/letsencrypt-auto renew, I get this:

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/what1.ever.com/fullchain.pem (skipped)
  /etc/letsencrypt/live/what2.ever.com/fullchain.pem (skipped)
  /etc/letsencrypt/live/what3.ever.com/fullchain.pem (skipped)
  /etc/letsencrypt/live/what4.ever.com/fullchain.pem (skipped)

It seems a bit odd that certificates can't be renewed 11 days before the expire, but it might be a matter of policy rather than a bug.

What is the expiration time threshold below which LetsEncrypt certificates will auto-renew?

score 4 · Accepted Answer · answered Jun 28 '16 at 13:02

4

According to certbot documentation:

This will attempt to renew any previously-obtained certificates that expire in less than 30 days.

answered Jun 28 '16 at 13:02

Lie Ryan

31,089
6
68
93

1

I just read the same, elsewhere (sorry, tab closed now): the automatic process starts polling after 60 days. That *should* mean your manual process will receive new certs within the other 30 days of the 90-day lifetime. – Jun 28 '16 at 13:09

What is the expiration time threshold below which LetsEncrypt certificates will auto-renew?

1 Answers1