More info on LE auto renew
Hi, I don't understand how to handle cert renew automatically, is it possible with this CLI?
Hey! I do run it via cron for some FRITZ!Box I "manage". I guess it could be a bit smarter, like running once a week/day and checking the remaining validity of the certificate or something.
Can you elaborate a bit more on your question?
Yes, sorry, do you run it locally on your Mac/PC, or do you have a server that handles this for you? I have a MacBook Pro, what happens if the MacBook Pro is not at home when the renewal cron runs? LE allows renewal 30 days before the cert expire date, I imagine that the only problem is if the computer that runs the renewal cron is not at home at least one day before the cert expire date. Am I right?
Actually, the code does not even try to do a renew, see here: https://github.com/tisba/fritz-tls/blob/61c6f7f3826f1aca243af7cbca424f977a85728b/acme.go#L80-L83
From what I understand, and also got confirmed here, there is no real difference between obtaining a "new" certificate and renewing.
I do have a Mac Mini running at home, before that I used a Raspberry Pi - that was actually the reason I added ARM binaries :)
For your case, if you don't have a "stationary" system running, we could add an option that inspects the current certificate and only tries to obtain a new one if the current one is approaching its expire date. If that's in place, it should be rather simple to have fritz-tls run via launchd on a schedule once a day or week.
@tisba super, this would be great!
Hey @valentinocossar 👋 Not sure if this is still relevant for you, but v0.14.0 now does not renew if the found certificate is still valid (not expired and for the correct domain). So you can run it daily for example and it will only renew once every 30 days.
Hi @tisba, thank you! 🎉