When using --valid-to with --days, the renewal time was incorrectly
set to 1 day before certificate expiry instead of respecting the
user's --days value.
This fix ensures that:
- Renewal is scheduled at 'issuance + days' as intended
- Falls back to 1 day before expiry only if cert expires before renewal
- Matches the behavior when --valid-to is not specified
Example: With --valid-to '+47d' --days 42:
- Before: Renewal at day 46 (1 day before expiry)
- After: Renewal at day 42 (as specified)
Useful where remote endpoints filter requests by IP address, but one's
Internet connection has a stable IP for only one address family,
e.g.: a dynamic IPv6 prefix and a static IPv4 address; or a static IPv6
prefix and CGNAT IPv4.
This commit adds a new "Profile" column to the output of the `--list` command.
The column displays the value of the `Le_Certificate_Profile` variable stored in each domain's respective configuration file. If a profile is not set for a certificate, the column is left empty.
This enhances the utility of the list command by providing more at-a-glance information about each certificate's configuration, which is particularly useful for CAs that support different certificate profiles.
This commit introduces a new command, `--list-profiles`, to allow users to discover the certificate profiles supported by a Certificate Authority.
The command queries the `meta.profiles` object within the ACME directory JSON for the selected server and formats the output for readability. If a CA does not publish profiles in its directory, the command reports that none were found.
Usage:
acme.sh --list-profiles [--server letsencrypt]
hselomein
Corey Davis
neil
An | Anton Röhm
neil
privacyfr3ak
Péter Vámos
seagleNet
Peter Lindegaard Hansen
Richard Glidden
Dennis Schmidt
Roy Orbitson
Jens Spanier
Jens Spanier
DuolaD
Vmichelin
Steven Zhu