Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/acme/autocert: extend RenewBefore to 21 days #19616

Closed
kennygrant opened this issue Mar 20, 2017 · 4 comments
Closed

x/crypto/acme/autocert: extend RenewBefore to 21 days #19616

kennygrant opened this issue Mar 20, 2017 · 4 comments

Comments

@kennygrant
Copy link
Contributor

What version of Go are you using (go version)?

go version go1.8 darwin/amd64

What operating system and processor architecture are you using (go env)?

darwin/amd64

Using Autocert to renew certs results in spurious reminders

Letsencrypt (the only provider supported by autocert) currently sends reminder emails at 20 days, 10 days and 1 day before cert expiry:

https://letsencrypt.org/docs/expiration-emails/

This means the default value of 7 days for RenewBefore in autocert results in 2 reminder emails for each domain every few months, under normal operation. It is possible to opt out of those emails, but then no reminder would be sent in cases where there was a genuine problem with renewal.

It would be nice if the default renewal was 21 days before as then reminder emails would only be sent if there was a problem with the cert renewal. This would also give a bit more time to deal with a problem with a cert if it did arise.

@kennygrant kennygrant changed the title x/crypto/acme/autocert: Extend RenewBefore to 21 days x/crypto/acme/autocert: extend RenewBefore to 21 days Mar 20, 2017
@bradfitz
Copy link
Contributor

/cc @x1ddos

@bradfitz bradfitz added this to the Unreleased milestone Mar 20, 2017
@x1ddos
Copy link

x1ddos commented Mar 22, 2017

Good idea. Been meaning to do this for quite some time. I too keep getting those reminders from Let's Encrypt :)
Will send a change.

@gopherbot
Copy link

CL https://golang.org/cl/38358 mentions this issue.

@kennygrant
Copy link
Contributor Author

Thanks all for changing this.

@golang golang locked and limited conversation to collaborators Apr 21, 2018
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 28, 2022
This change amends the default renewal to 30 days before cert expiration,
as recommended by various guides and the official LE documentation:
https://letsencrypt.readthedocs.io/en/latest/using.html#renewal

Fixes golang/go#19616.

Change-Id: I9cfadff936871794e2938304e9e5ab1b0e0353d6
Reviewed-on: https://go-review.googlesource.com/38358
Run-TryBot: Alex Vaghin <ddos@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 29, 2022
This change amends the default renewal to 30 days before cert expiration,
as recommended by various guides and the official LE documentation:
https://letsencrypt.readthedocs.io/en/latest/using.html#renewal

Fixes golang/go#19616.

Change-Id: I9cfadff936871794e2938304e9e5ab1b0e0353d6
Reviewed-on: https://go-review.googlesource.com/38358
Run-TryBot: Alex Vaghin <ddos@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
LewiGoddard pushed a commit to LewiGoddard/crypto that referenced this issue Feb 16, 2023
This change amends the default renewal to 30 days before cert expiration,
as recommended by various guides and the official LE documentation:
https://letsencrypt.readthedocs.io/en/latest/using.html#renewal

Fixes golang/go#19616.

Change-Id: I9cfadff936871794e2938304e9e5ab1b0e0353d6
Reviewed-on: https://go-review.googlesource.com/38358
Run-TryBot: Alex Vaghin <ddos@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
BiiChris pushed a commit to BiiChris/crypto that referenced this issue Sep 15, 2023
This change amends the default renewal to 30 days before cert expiration,
as recommended by various guides and the official LE documentation:
https://letsencrypt.readthedocs.io/en/latest/using.html#renewal

Fixes golang/go#19616.

Change-Id: I9cfadff936871794e2938304e9e5ab1b0e0353d6
Reviewed-on: https://go-review.googlesource.com/38358
Run-TryBot: Alex Vaghin <ddos@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

4 participants