x/crypto/acme/autocert: Manager.RenewBefore must be >1hour #36548
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What did you do?
Used a
Manager
withRenewBefore
set to 5 minutes (as a part of a test while running my own boulder instance):What did you expect to see?
I expected that the manager actually used 5 minutes as
RenewBefore
, since the documentation states:What did you see instead?
RenewBefore
being set to 30 days.There is a check that makes sure that the value specified is more than the
renewJitter
(1 hour):https://github.com/golang/crypto/blob/61a87790db17894570dfb32dbaa0a4af9ce60cb4/acme/autocert/autocert.go#L1098
Either it should be allowed to use values less than one hour, or the documentation should reflect that values less than an hour is the same thing as "30 days".
The text was updated successfully, but these errors were encountered: