wmnnd / nginx-certbot

Boilerplate configuration for nginx and certbot with docker-compose
MIT License
3.16k stars 1.17k forks source link

should we decrease the `certbot renew` frequency in `docker-compose.yml`? #106

Closed ZhengRui closed 3 years ago

ZhengRui commented 3 years ago

Thanks for the nice repo, it helped me with my website's certification process.

Today when I try to redeploy my website, it reminds me .. too many certificates already issued for exact set of domains .... After a bit google, I got to know there is Duplicate Certificate limit of 5 per week, certbot renew now is counted within this limit from my understanding. So my question is should we decrease the renew frequency from 12h to like 48h?

tjmoses commented 3 years ago

The renew frequency doesn't matter b/c certbot renew only renews when necessary. See the below snippet from their docs.

https://certbot.eff.org/docs/using.html#renewing-certificates

This command attempts to renew any previously-obtained certificates that expire in less than 30 days. The same plugin and options that were used at the time the certificate was originally issued will be used for the renewal attempt, unless you specify other plugins or options. Unlike certonly, renew acts on multiple certificates and always takes into account whether each one is near expiry. Because of this, renew is suitable (and designed) for automated use, to allow your system to automatically renew each certificate when appropriate. Since renew only renews certificates that are near expiry it can be run as frequently as you want - since it will usually take no action.

ZhengRui commented 3 years ago

I see, thanks @tjmoses I will close this issue then.