Certify does not honor renewal settings


I have noticed that recently Certify does not honor configured renewal settings. I have configured certificate renewal to trigger 14 days before expiry, but “planned” shows month before expiry. Anyone else noticing this?

Hmm, there could be a few reasons for that but the most obvious change recently would be the introduction of ACME Renewal Info (ARI) which is a way for the certificate authority to suggest that a renewal should be performed sooner. The main purpose of this feature is for the CA to signal an impending mass revoke of current certificates or similar events. You can test if ARI is affecting the planned renewal by using Certificate > Advanced > Reset Failure Status (then Save) because that will reset a bunch of background status information. There’s not currently an option to turn off ARI or influence it’s behaviour as it’s intended (from our perspective) to act as a safety feature.

However, if I edit my own renewal prefs to 14 days before expiry my planned date does show as being 14 days before expiry.

As an aside, our new default setting for renewal settings is 75% of elapsed lifetime, this is because some CAs allow very short lifetime certs (e.g. 1 day) so days stop making sense in that configuration.

Thanks, I tried your suggested trick. After that “Status” tab just disappeared, maybe it comes back once renewal is taking place? I’ll now wait and see if the customized schedule is taking effect.

1 Like