certify icon indicating copy to clipboard operation
certify copied to clipboard
verified publisher icon webprofusion

Feature request: Ability to define a "scheduled renewal blackout"

Open nmarie276 opened this issue 1 year ago • 2 comments

Hello.

We're using CertifyTheWeb (licensesd version) on our IIS server and, when it's time to renew the certificate, this triggers a IIS website restart. Even if this behaviour is expected, this causes us a downtime to our customers. Currently, as a workaround, we created a Windows scheduled task that:

  • Stops the certifytheweb service at 6:00 AM.
    • Let it as stopped during the working hours.
  • Starts the certifytheweb service at 8:00 PM.
    • The service triggers the certificates renewals if needed. Ideally, we would like to control this directly from the CertifyTheWeb UI, by being able to define a "renewal blackout" schedule. As a result, the renewals will be triggered only during the night.

Thanks for your answer. Regards.

nmarie276 avatar May 21 '24 14:05 nmarie276

It's something to consider, but I would recommend you look at using the windows Centralized Certificate Store (CCS) option for your website bindings. This reads the certificate files directly from disk instead of updating the bindings in IIS (which currently triggers a no-operation update to applicationhost.config, which will then cause app pools to recycle).

webprofusion-chrisc avatar May 21 '24 14:05 webprofusion-chrisc

@webprofusion-chrisc, thanks for this tip. I will study this way.

nmarie276 avatar May 21 '24 15:05 nmarie276