capistrano-lets-encrypt icon indicating copy to clipboard operation
capistrano-lets-encrypt copied to clipboard
verified publisher icon platanus

Auto renew

Open micred opened this issue 9 years ago • 3 comments

Hi everyone, even if I set :lets_encrypt_days_valid to 365, the generated certificate is valid 3 months.

I was wondering how to keep certificates of different servers updated, since capistrano scripts are run client side, but a server-side auto renew would be great. How do you auto renew the certificates?

Michele

micred avatar Apr 01 '16 15:04 micred

mm, yes, that's a problem.. All let's encrypt certificates are valid for 3 months... the lets_encrypt_days_valid value is used to define when you want to renew, for example if it's set in 15, and you run capistrano when the cert is valid for 20 more days, that cert is not going to be renewed, but if it is valid for 10 more days it will.

The automation thing is something that I'm aware of. The thing is that we are moving out from capistrano so we don't have the need to do that..

blackjid avatar Apr 01 '16 16:04 blackjid

Ok, do you have any idea to how overcome this? I can work on it. Maybe we can solve generating the certs server-side and set a cronjob to renew, in place of generating the certs client-side and copying to the server via scp (as in current implementation). How does that sounds? It's definitely a less secure solution.

micred avatar Apr 01 '16 18:04 micred

What you need to to is move the renew/issue code to a rake task which you can later call with whenever (which will set an appropriate cron job for you).

itay-grudev avatar Jul 16 '16 03:07 itay-grudev