Closed drewek-smf closed 1 year ago
One more thing: I now changed the Domain Name in the DB for the existing Certificate (which expires in a few days) by appending an X. My app therefore did not find a matching Certificate on startup, but the log still contains the "Certificate already found" message...? Where does it find it??
So first of all
But I want to renew a Certificate earlier than actual expiry.
Did you try using this? The default is that renewal occurs 30 days before expiration, but you can adjust this higher if you want.
but the log still contains the "Certificate already found" message...? Where does it find it??
It's really hard to say without steps to reproduce the same situation, sorry.
This issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please comment if you believe this should remain open, otherwise it will be closed in 14 days. Thank you for your contributions to this project.
Closing due to inactivity. If you are looking at this issue in the future and think it should be reopened, please make a commented here and mention natemcmaster so he sees the notification.
Hi
I'm pretty sure it's not a bug in the lib, but rather something on my side, I just can't figure out.
I'm using LettuceEncrypt (1.1.0-beta-73) and implemented GetCertificatesAsync from ICertificateSource in my DB Context. There, I read the DB for an existing Certificate (it's single domain):
So long, this works fine. Including a renewal of the found Certificate, if it's expired.
But I want to renew a Certificate earlier than actual expiry. So if I find a Certificate, I check its NotAfter-Property, and if it remains active for less than 30 days, I just write a debug message and omit the Certificate, hence returning an empty List.
The issue now is, that for such a use case I can see my debug message, but the following log line says "Certificate for XYZ already found" - this comes from LettuceEncrypt.Internal.AcmeStates.MoveNext().
Opening the Web Page again, my Browser still shows the old Certificate, as still valid (it IS valid, but I did return an empty list, omitted this Certificate). Opening the page in other Browsers which I did not use for some time, they still show the old valid Certificate. BUT - some users are using CLI Requests (such as cURL) to query my APIs, and they get errors regarding SSL.
What I currently do in this case is: Alter the Server Date (+1 month) and restart my app, so the Certificate is apparently expired. This works, and LettuceEncrypt refreshes it regularly. All Browsers and CLI Clients stop complaining
What am I doing wrong..?
Regards, Michael