win-acme / win-acme

A simple ACME client for Windows (for use with Let's Encrypt et al.)
https://www.win-acme.com/
Apache License 2.0

Automatically remove failing renewals #1652

Open zachol72 opened 4 years ago

zachol72 commented 4 years ago

Perhaps a stupid question, but I can't find the answer...

When a renewal can't be completed, for example if a site/domain/binding is permanently removed from the server, for how long will WACS retry before the renewal is automatically removed (will it?) completely?

WouterTinus commented 4 years ago

No mechanism is implemented to automatically cancel renewals which have been failing for a long time, so it will basically keep trying forever. Perhaps it would make sense to automatically clean them up 5~6 months after the last successful renewal (because at that point the certificate is surely expired and there's been plenty of time for users to notice it).

But in general I'm not a big fan of automatically deleting/cancelling things as users still might want to have access to the history and/or use the configuration as a template for a new deployment etc.

If you have a high churn rate on your server (i.e. lots of websites being created and removed) and don't want to manage the renewals manually, you could use one of the order plugins: https://www.win-acme.com/reference/plugins/order/

zachol72 commented 4 years ago

Ok, thanks. Good arguments.

May I request a setting for this (default value disabled)?

WouterTinus commented 4 years ago

I'll consider this, maybe by moving them to an archive folder or something so that it would still be possible to move them back with full history intact.

mhoganid8 commented 2 months ago

I'd like to suggest that if the site in IIS is in the 'stopped' state in IIS, SSL cert renewal be skipped. I often disable a site (non-payment, cancellation, etc) in case the client decides to renew their hosting contract.