Renew SCEP certificates 180 days before expiration

[noahtalerman]

Goal

User story
As an IT admin,
I want Fleet to automatically renew the SCEP certificates installed on my hosts 180 days from expiration
so that my SCEP certificates don't expire when an end user goes on parental leave and thus, I don't have to turn on MDM again these macOS hosts.

Context

• Requestor(s): @noahtalerman
• Product designer: @noahtalerman

It looks like this is what Jamf does (from this doc):

Today, Fleet renews certificates 30 days from expiration:

• 15332

Changes

Product

• [ ] 180 days before a host's SCEP cert expires, Fleet sends an InstallProfile command with an enrollment profile. This causes the SCEP certificate to be renewed.
  • If renewal fails, Fleet logs an error and tries again the next cron run.
• [ ] UI changes: No UI changes.
• [ ] CLI usage changes: No CLI changes.
• [ ] REST API changes: No REST API changes.
• [ ] Fleet's agent (fleetd) changes: No fleetd changes.
• [ ] Permissions changes: No permissions changes.
• [ ] Changes to paid features or tiers: No changes to paid features and tiers.

Engineering

• [ ] Reference documentation changes: TODO
• [ ] Usage documentation changes: TODO
• [ ] Database schema migrations: TODO
• [ ] Load testing: TODO

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

• Requires load testing: TODO
• Risk level: Low / High TODO
• Risk description: TODO

Manual testing steps

1. Step 1
2. Step 2
3. Step 3

Testing notes

Confirmation

1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

[georgekarrv]

Hey team! Please add your planning poker estimate with Zenhub @dantecatalfamo @ghernandez345 @gillespi314 @jahzielv @mna @roperzh

[georgekarrv]

Just a call out that this will retry the next cron instead of next day