Auto renew expired certs?

[ronag]

The certificates will eventually expire which might cause problems. Would it be possible to auto renew?

[manast]

If you mean LE certificates, they are renewed automatically. Other manually installed certificates needs of course to be renewed by hand...

[brainstorm]

The main issue I'm seeing with this is that currently redbird does not seem to have a LetsEncrypt live folder lifecycle.

In other words, as as mentioned here and issue #89, if the docker container is re-spawned too often, LetsEncrypt throttles the renewal/issuance of new certificates. Instead there should be a mechanism to back up the live certs into a secrets vault, encrypted S3 bucket or similar.

/cc @reisingerf

[brainstorm]

Disregard my last comment, my colleague just noticed that according to docs, this important bit is left to the user to fix on its own: "Its your responsibility to backup, or save persistently when applicable."

[reisingerf]

It would never the less be great if the documentation would be a bit more clear/explicit on that point. I am guessing from the comment in the config example:

WARNING: Only use this flag when the proxy is verified to work correctly to avoid being banned! that if the production flag is set to false, you are using the staging environment of LetsEncrypt to get around the low rate limits on the production environment. If that's true, you could perhaps add a comment/link to the relevant LetsEncrypt page? https://letsencrypt.org/docs/rate-limits/

[chranmat]

If you mean LE certificates, they are renewed automatically. Other manually installed certificates needs of course to be renewed by hand...

I just received an expire warning email on one of my LE certificates from "Let's Encrypt Expiry Bot".

When exactly is the cert renewed and how can I verify this?