Warning Level - SSL certificate

jonash

Is it possible to adjust the warning levels of an SSL certificate?

For example, I would like to be warned only 1 month before expiry

johnny

Not currently, It might makes sense to change it globally on ssl certs as their expire date can be a lot shorter especially if using lets encrypt

wrongecho

I think it makes sense to move from 90 day alerts to 45 days. As it stands currently, LE should have renewed by 45 days and it's still just enough time to get a paid SSL renewed (mostly).

LE are actually exploring moving to SIX day expirations, which I think is insane: https://letsencrypt.org/2024/12/11/eoy-letter-2024/

Alan

We've got multiple LE certs that haven't expired by 30 days (right now we have one that expires on 7th Feb that hasn't renewed yet).

Being able to adjust, or set a default then adjust after would be the best, as we have regular annual certs that we want notification at say, 30 days, and then LE, which we don't need to know about until a max of 14 days before renewal (plenty of time to do something if needed, maybe even less) as we're just getting a bunch of excess notifications that we're not doing anything with.

6 days is just stupid, aka, they want them all and stuff regular certs. Yes it should be automated, but there are many systems where it simply isn't an option…

jonash

Alan

I agree here.

Everyone has different preferences and processing times. Everyone needs a different lead time.

I would like to have a setting to generally display the time for certificates

wrongecho

I would prefer to avoid even more customisation, especially as granular as per certificate. I think this is something we can fix through good defaults, or at least better defaults.