Closed (jaykay-design closed 5 years ago)
Negative values are not passed to the underlying letsencrypt-siteextension library (LetsEncrypt.Azure.Core): https://github.com/ohadschn/letsencrypt-webapp-renewer/blob/ecbda6b26da4f7c92288e4abbfad34206eadfefe/OhadSoft.AzureLetsEncrypt.Renewal/OhadSoft.AzureLetsEncrypt.Renewal/Management/RenewalManager.cs#L75
Instead they are assumed to mean the cert has to be replaced regardless of how many remaining days it has before expiration. This was done to keep things simple - e.g. config letsencrypt-webapp-renewer to renew your certs every 30 days and forget about it.
The default value of -1 for the configuration RenewXNumberOfDaysBeforeExpiration will not work correctly when used with the letsencrypt-siteextension library.
In the library this value will be used to determine which certificates are about to expire by adding it to DateTime.Now. So a -1 would only detect already expired certificates.
I propose to keep this configuration property but align its default value with the library's - 22 days - and update the readme/code accordingly.
Or, document that if a forced renewal is required, set the value to 90, which is the maximum lifetime of a Let's Encrypt cert; this would then detect any LE certificate as about to expire.
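
The two readings of RenewXNumberOfDaysBeforeExpiration discussed in this thread, side by side, as an added example that is not code from letsencrypt-webapp-renewer or letsencrypt-siteextension. The `Cert` record, the method names, the `<` comparison, the fixed clock and the sample hosts are assumptions made for illustration; only the behaviour described in the two posts is modelled.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed model of a certificate binding; not a type from either project.
record Cert(string Host, DateTime NotAfter);

static class RenewalSemantics
{
    // Library reading, as described in the issue: the setting is added to "now"
    // and certificates expiring before that cutoff count as about to expire.
    public static List<Cert> LibrarySelect(IEnumerable<Cert> certs, DateTime now, int days) =>
        certs.Where(c => c.NotAfter < now.AddDays(days)).ToList();

    // Renewer reading, as described in the reply: a negative value is not passed
    // to the library and means "replace regardless of remaining lifetime".
    public static List<Cert> RenewerSelect(IEnumerable<Cert> certs, DateTime now, int days) =>
        days < 0 ? certs.ToList() : LibrarySelect(certs, now, days);
}

static class Program
{
    static void Main()
    {
        // Fixed clock so the run is repeatable (assumption, not DateTime.Now).
        var now = new DateTime(2020, 1, 1, 0, 0, 0, DateTimeKind.Utc);

        // Constructed sample data: one expired, one inside 22 days, one freshly issued.
        var certs = new[]
        {
            new Cert("expired.example",  now.AddDays(-3)),
            new Cert("expiring.example", now.AddDays(10)),
            new Cert("fresh.example",    now.AddDays(89)),
        };

        // -1 is the renewer default, 22 the library default, 90 the LE lifetime.
        foreach (var days in new[] { -1, 22, 90 })
        {
            var lib = RenewalSemantics.LibrarySelect(certs, now, days).Select(c => c.Host);
            var ren = RenewalSemantics.RenewerSelect(certs, now, days).Select(c => c.Host);
            Console.WriteLine($"{days,3} days | library: {string.Join(", ", lib)}");
            Console.WriteLine($"         | renewer: {string.Join(", ", ren)}");
        }
    }
}
```

With the -1 row, the library reading selects only the certificate that has already lapsed, which is the outage case the issue warns about, while the renewer reading selects all three.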