
Can the DNS record check time be increased when issuing certificates?

Open jearton opened this issue 1 year ago • 8 comments

The success rate of certificate issuance is a bit low, less than 50%, and every failure is caused by the DNS record check timing out. I am using Alibaba Cloud DNS credentials.

jearton avatar Feb 28 '24 04:02 jearton

You can try configuring the environment variables.

image

0xJacky avatar Feb 28 '24 04:02 0xJacky

These correspond to a few values in the UI. Looking at lego's code, it reads these env vars; that is not something I can control. If it really does not work, I suggest switching the host machine to a different DNS. I have not seen any failures with CF yet.

0xJacky avatar Feb 28 '24 04:02 0xJacky

Sure, as long as there is a setting that lets me control the time myself.

jearton avatar Feb 28 '24 04:02 jearton
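The failure mode described above is a propagation check that gives up before the authoritative DNS has published the TXT record. The following is an added example, not code from nginx-ui or lego, showing the shape of such a check with the polling interval and timeout exposed as parameters; the `Lookup` function is injected so the logic runs offline against a constructed resolver (`slowResolver`), and in a real client it would wrap `net.Resolver.LookupTXT`.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Lookup resolves the TXT records for a name. Injected so the wait loop can be
// exercised without network access; production code would wrap net.Resolver.
type Lookup func(ctx context.Context, fqdn string) ([]string, error)

// WaitForTXT polls fqdn every `interval` until a TXT record equal to `want`
// appears or `timeout` elapses. It returns the number of lookups made so the
// caller can see how close a successful run came to the timeout.
func WaitForTXT(ctx context.Context, lookup Lookup, fqdn, want string, interval, timeout time.Duration) (int, error) {
	ctx, cancel := context.WithTimeout(ctx, timeout)
	defer cancel()

	attempts := 0
	for {
		attempts++
		records, err := lookup(ctx, fqdn)
		if err == nil {
			for _, r := range records {
				if r == want {
					return attempts, nil
				}
			}
		}
		// Lookup errors (NXDOMAIN before propagation, transient failures) are
		// expected during propagation, so only the deadline ends the loop.
		select {
		case <-ctx.Done():
			return attempts, fmt.Errorf("DNS propagation check timed out after %d lookups: %w", attempts, ctx.Err())
		case <-time.After(interval):
		}
	}
}

// slowResolver is a constructed stand-in for an authoritative server that only
// publishes the record on the readyAt-th lookup; earlier lookups see NXDOMAIN.
func slowResolver(readyAt int) Lookup {
	calls := 0
	return func(_ context.Context, _ string) ([]string, error) {
		calls++
		if calls < readyAt {
			return nil, errors.New("NXDOMAIN")
		}
		return []string{"constructed-challenge-token"}, nil
	}
}

func main() {
	fqdn := "_acme-challenge.example.com." // placeholder name
	// A resolver that needs 5 lookups succeeds with a generous timeout...
	n, err := WaitForTXT(context.Background(), slowResolver(5), fqdn, "constructed-challenge-token", 100*time.Millisecond, 5*time.Second)
	fmt.Println("generous timeout:", n, err)
	// ...and fails when the timeout is shorter than the propagation delay.
	n, err = WaitForTXT(context.Background(), slowResolver(5), fqdn, "constructed-challenge-token", 100*time.Millisecond, 150*time.Millisecond)
	fmt.Println("short timeout:", n, err)
}
```

The attempt count is the useful diagnostic: a run that succeeds on the last lookup before the deadline is a sign the timeout, not the DNS provider, is the bottleneck.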

@0xJacky By the way, how often is the certificate renewed automatically?

jearton avatar Feb 28 '24 04:02 jearton

Currently it is re-issued every 7 days, but that looks like it causes problems when there are many certificates, see #319.

0xJacky avatar Feb 28 '24 04:02 0xJacky

That feels a bit frequent. After all, the certificate is valid for 3 months, so issuing a few days before expiry should be enough. The acme.sh project renews automatically every 2 months, and if a renewal fails it would be best to send a bot message to office tools such as Feishu, DingTalk or Slack, otherwise nobody notices.

jearton avatar Feb 28 '24 04:02 jearton

Currently, if half a month remains and renewal has not succeeded, Let's Encrypt will send you an email.

0xJacky avatar Feb 28 '24 04:02 0xJacky

Currently, if there is half a month left and the renewal fails, Let's Encrypt will send you an email.

@0xJacky as I mentioned in #319, you're never actually renewing the same certificate. Meaning the original certificate will run out every time and the user will receive an email every time no matter what. This also means you could receive up to 52 ish emails a year about certificates.

It feels a bit frequent. After all, it is valid for 3 months. It is enough to sign a few days before expiration. The acme.sh project automatically renews every 2 months, and if the renewal fails, it is best to send a robot message to notify it and notify it in office software such as Feishu, DingTalk, and Slack, otherwise, it will not be detected.

I agree with @jearton. Start trying to renew the certificate when it has 30 days left to live. If it fails the user should be notified by nginx-ui about the failing renewal. Retry for n days, if it fails or succeeds notify the user so they're informed and have a long time to take action.

I hope Google Translate didn't butcher your comments 🙏

sofusskovgaard avatar Feb 28 '24 09:02 sofusskovgaard
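The renewal schedule proposed in this thread (start when 30 days of validity remain, retry for a bounded number of days, notify on failure and on the final outcome), written out as an added example that is neither nginx-ui's nor acme.sh's code. `RenewalPolicy`, `Decide`, `Simulate` and the day-by-day simulation are assumptions of this example; the `Notifier` is injected so the Feishu, DingTalk or Slack webhook stays outside the policy logic.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Decision is what the scheduler should do for one certificate on one day.
type Decision int

const (
	Wait   Decision = iota // still outside the renewal window
	Renew                  // inside the window and retries remain
	GiveUp                 // retries exhausted; needs a human
)

// RenewalPolicy is the thread's proposal: begin renewing when Window of
// validity is left, and stop retrying after MaxRetries consecutive failures.
type RenewalPolicy struct {
	Window     time.Duration
	MaxRetries int
}

// Decide is pure so it can be unit-tested without a clock or a CA.
func (p RenewalPolicy) Decide(now, notAfter time.Time, failed int) Decision {
	if notAfter.Sub(now) > p.Window {
		return Wait
	}
	if failed >= p.MaxRetries {
		return GiveUp
	}
	return Renew
}

// Notifier delivers a message to whatever channel the operator chose.
type Notifier func(msg string)

// Simulate steps one day at a time from start, applying the policy with one
// renewal attempt per day, and reports how many attempts were made and whether
// the certificate was renewed before it expired. renew returns nil on success.
func Simulate(p RenewalPolicy, start, notAfter time.Time, renew func() error, notify Notifier) (attempts int, renewed bool) {
	failed := 0
	for day := 0; ; day++ {
		now := start.Add(time.Duration(day) * 24 * time.Hour)
		if now.After(notAfter) {
			notify("certificate expired without a successful renewal")
			return attempts, false
		}
		switch p.Decide(now, notAfter, failed) {
		case Wait:
			continue
		case GiveUp:
			notify(fmt.Sprintf("giving up after %d failed renewal attempts; manual action required", failed))
			return attempts, false
		case Renew:
			attempts++
			if err := renew(); err != nil {
				failed++
				// Every failure is reported so the operator learns early, with
				// the remaining validity still measured in weeks.
				notify(fmt.Sprintf("renewal attempt %d failed (%s left): %v", failed, notAfter.Sub(now), err))
				continue
			}
			notify("certificate renewed successfully")
			return attempts, true
		}
	}
}

// flakyCA is a constructed stand-in for an ACME client that fails the first
// n attempts (for example on DNS propagation timeouts) and then succeeds.
func flakyCA(n int) func() error {
	calls := 0
	return func() error {
		calls++
		if calls <= n {
			return errors.New("dns-01 challenge: propagation check timed out")
		}
		return nil
	}
}

func main() {
	policy := RenewalPolicy{Window: 30 * 24 * time.Hour, MaxRetries: 7}
	issued := time.Date(2024, 2, 28, 0, 0, 0, 0, time.UTC) // constructed issue date
	notAfter := issued.Add(90 * 24 * time.Hour)             // 90-day certificate
	attempts, ok := Simulate(policy, issued, notAfter, flakyCA(2), func(m string) { fmt.Println("notify:", m) })
	fmt.Printf("attempts=%d renewed=%v\n", attempts, ok)
}
```

With a 90-day certificate and a 30-day window, the first attempt lands on day 60; two failures plus the eventual success produce three notifications, and a CA that never answers is abandoned after seven attempts with 23 days of validity still left for a manual fix.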