Question about the certificate validity

[EduardGohr]

Hello,

Our ACME generated certificates are valid for 3 months - according to the ACME documentation it is a default value. The certificate is automatically renewed and is valid then for the next 3 months.

I found an attribute "--valid-to" in the ACME documentation which could set the validity to e. g. 1 year : https://github.com/acmesh-official/acme.sh/wiki/Validity.

• Our current version of acme.sh script doesn't have this attribute. Is it possible just to update the script and use this attribute without updating the ACME server?
• Is is possible to update the certificate validity to 1 year for current certificates which are valid for 3 month?

[Neilpang]

Our current version of acme.sh script doesn't have this attribute. Is it possible just to update the script and use this attribute without updating the ACME server?

Yes.

Is is possible to update the certificate validity to 1 year for current certificates which are valid for 3 month?

Yes, you can use acme.sh --issue ...... --days 365

[Neilpang]

The --days is only for cronjob to renew the cert.

The "NotBefore" and "NotAfter" fields in the cert are not affected at all. They are controlled by the CA (as well as "--valid-to" parameters if supported by the CA).