simple-acme
Replies: 1 comment
-
|
I think the RFC is pretty clear on how regularly scheduled clients are supposed to handle the ARI suggested renewal window. The authors make no presumption that all renewals are actually going to happen within that window. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I'm writing a paper on ARI for a vendor and there's something I don't understand. ACME clients all seem to be command line tools that have to run on a schedule of some kind, typically cron or Scheduled Tasks or systemd. Proper behavior after a Retry-After may require changing that behavior on the fly, unless the client maintains state on certificates and renewals between runs. I think certbot does this in the renewals subdirectory.
Assume you run the client every 6 hours and you get a Retry-After of 24 hours. Are you not supposed to even request RenewalInfo during that time, in which case you need to know about the a Retry-After?
In the same way, if you run every week (bad idea, I know) and you get a RenewalInfo that says some time tomorrow, you need to check tomorrow and not in a week.
Does simple-acme do all this?
And I apologize, but I'm not in a position to test this.
Beta Was this translation helpful? Give feedback.
All reactions