Is there a supported way to run renewal + deployment tasks only during a maintenance window?

Hi all,

We have several certificates managed in Certify The Web with the following deployment chain configured per cert:

  1. Certify renews the certificate.
  2. A deployment task exports the cert to a specific directory.
  3. A follow-up task runs a PowerShell script that calls an API to update the cert in the consuming application.

Everything works, but we need the entire chain to fire only during our maintenance window - not at whatever time the renewal happens to come due.

What I’m trying to figure out:

  1. Is there a supported, built-in way to constrain a managed certificate’s renewal and deployment tasks to a specific day/time window (e.g., Saturday 02:00–04:00)?
  2. If not, what workarounds do people use? The obvious one is a pre-task script that loops/sleeps until the maintenance window, but I’ve seen mentions on the forum that holding a deployment open like that can leave the process stale and may interfere with other certificate automations on the same instance. So I’d rather not go down that path unless that concern is outdated or there’s a clean way to do it.

Any guidance — official or from people running similar setups in production — would be appreciated. Thanks!

Hi,

Version 7.x onwards has a new Maintenance Window feature where you can declare a global maintenance window or set one specifically for a given managed certificate etc.

However, you mentioned exporting the cert then a “follow-up task” runs; what triggers that, and why would that not only occur during your preferred maintenance windows anyway? It’s common for people to export certs then have their own Windows scheduled task to do more sophisticated scheduling etc.
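
A sketch of the "export, then your own scheduled task" approach mentioned in the reply above, added here as an example (it is not code from either poster or from Certify The Web). It assumes Certify keeps only the export task and that this script is run by Windows Task Scheduler; every path, the window values, and the `-CertPath` parameter of the existing API script are hypothetical.

```powershell
# Added example: gate the API update on a maintenance window and on a changed cert.
# All paths, the window and the deploy script's -CertPath parameter are assumptions.
param(
    [string]$CertPath     = 'C:\certs\export\app.pfx',              # file written by the Certify export task
    [string]$StatePath    = 'C:\certs\state\last-deployed.sha256',  # hash of the last file pushed
    [string]$DeployScript = 'C:\scripts\Update-AppCertificate.ps1', # your existing API update script
    [DayOfWeek]$WindowDay = 'Saturday',
    [TimeSpan]$WindowStart = '02:00',
    [TimeSpan]$WindowEnd   = '04:00'
)
$ErrorActionPreference = 'Stop'

function Test-InMaintenanceWindow {
    param([datetime]$Now)
    # True only on the configured day, from WindowStart up to (not including) WindowEnd.
    return ($Now.DayOfWeek -eq $WindowDay) -and
           ($Now.TimeOfDay -ge $WindowStart) -and
           ($Now.TimeOfDay -lt $WindowEnd)
}

# Guard against late starts (e.g. a missed trigger that runs after a reboot).
if (-not (Test-InMaintenanceWindow -Now (Get-Date))) {
    Write-Output 'Outside maintenance window; nothing deployed.'
    exit 0
}
if (-not (Test-Path -LiteralPath $CertPath)) {
    Write-Error "Exported certificate not found at $CertPath"
}

# Compare the exported file against what was last deployed, so an
# unchanged certificate does not trigger an API call every window.
$current = (Get-FileHash -LiteralPath $CertPath -Algorithm SHA256).Hash
$last = ''
if (Test-Path -LiteralPath $StatePath) {
    $last = (Get-Content -LiteralPath $StatePath -Raw).Trim()
}
if ($current -eq $last) {
    Write-Output 'Exported certificate unchanged since last deployment.'
    exit 0
}

# Run the existing update script; a terminating error stops here,
# so the state file is only updated after a successful deployment.
& $DeployScript -CertPath $CertPath
Set-Content -LiteralPath $StatePath -Value $current
Write-Output "Deployed certificate file with SHA256 $current"
```

Because the state file is written only after the update script returns, a failed API call is retried at the next scheduled run inside the window.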

Thanks - I’ll check out the v7 version. It looks like that feature is still in beta, but it sounds like it may address what we need.

Just to clarify my setup: when I mentioned exporting the cert, that export is part of the Certify deployment chain. One deployment task exports the renewed cert in the required format/location for the app or service, and the next deployment task runs a PowerShell script that uses that exported cert and calls our application API to update it.

So ideally, we need the entire deployment chain to be held until the maintenance window, not just the renewal itself.

Do you happen to have an estimated timeline for when v7 will be officially released? I’m asking because in-app auto-upgrade from my current v6.x version to v7 does not appear to be available, so I’d likely need to plan a manual upgrade. If v7 GA is coming soon, I’d prefer to wait and upgrade directly to the stable release.

We’re currently working through a PowerShell compatibility issue with v7 that requires a decent amount of work and testing; after that we will have another RC before a release, so we don’t have a specific date, no.

Thanks for the update. Also, I wanted to ask - what’s the best way to contribute to the project?

I’d be interested in helping where I can, whether that’s testing, documentation, or code contributions. Is there a preferred process for getting involved?

Testing is always appreciated, as is general feedback. Code contributions not so much, as nowadays coding is not really the bottleneck; the most important thing is for us to hear about limitations you have encountered that have stopped you achieving an outcome etc.