←back to thread

Six day and IP address certificate options in 2025

(letsencrypt.org)
197 points SGran | 1 comments | 16 Jan 25 15:36 UTC | HN request time: 0s | source
Show context
jabart ◴[16 Jan 25 19:57 UTC] No.42730099[source]
Six days? I can't even set the cron job to weekly. Maybe that is the point of this though from being on call I really hate thing restarting every day. Caddy, Nginx, HAProxy, and IIS all seem to handle certs without a full restart. MS SQL Server, nope.
replies(2): >>42730153 #>>42733250 #
mholt ◴[16 Jan 25 20:02 UTC] No.42730153[source]
AFAIK, Caddy is the only integrated ACME client that is tuned for short-lived certificates. All its own self-signed certs are already 24-hour certificates, so 6-day certs will be no problem.
replies(1): >>42730215 #
yjftsjthsd-h ◴[16 Jan 25 20:06 UTC] No.42730215[source]
Why would that matter? Replacing the cert and sighup'ing nginx or whatever isn't functionally different from doing it in-process.
replies(2): >>42730366 #>>42730860 #
mholt ◴[16 Jan 25 20:19 UTC] No.42730366[source]
Oh, my, yes it is :) (I don't have time to elaborate on this again right now, unfortunately.)
replies(1): >>42730640 #
1. jabart ◴[16 Jan 25 20:43 UTC] No.42730640{3}[source]
You have a link to a previous discussion on this? I'm curious if there is some hidden thing occurring or if just connection resets are happening or something else you are aware of.