Closed RonniSkansing closed 7 months ago
The unused cert will stay in storage until it expires, then it will be deleted once expired. So it'll stay in storage for up to 90 days.
We wait until some time after it expires just in case it's useful to have around for any sort of investigations but yeah, it'll be cleaned up automatically later.
Do NOT revoke certificates unless a private key has been compromised.
What is your question?
When using the certmagic.OnDemandConfig, does certmagic automatically clean up certificate storage when a domain is no longer allowed? Example:
Also, I am assuming caching does so the DecisionFunc is not called every time when a name has been allowed. So when a domain goes from being allowed to not allowed, is there a function or logic that must be followed to bust the cache for that name, or should I manually revoke and/or delete the certificate files?
What have you already tried?
I tried looking into the source files, but have been unable to conclude the exact behavior or how it is handled with DecisionFunc.