From 9502acf6e76c908c62f5ed0e9d9ebf736b746305 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Christian=20Gr=C3=BCnhage?= Date: Fri, 7 Apr 2023 00:32:21 +0200 Subject: [PATCH] Switch to a default renew_delay of 30d This is in line with the recommendations of the Let's Encrypt integration guide, and the default most other clients implement as well. --- acmed/src/main.rs | 2 +- man/en/acmed.toml.5 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/acmed/src/main.rs b/acmed/src/main.rs index 8cc94c7..ba4f3ff 100644 --- a/acmed/src/main.rs +++ b/acmed/src/main.rs @@ -38,7 +38,7 @@ pub const DEFAULT_CSR_DIGEST: HashFunction = HashFunction::Sha256; pub const DEFAULT_CERT_KEY_TYPE: KeyType = KeyType::Rsa2048; pub const DEFAULT_CERT_FILE_MODE: u32 = 0o644; pub const DEFAULT_CERT_RANDOM_EARLY_RENEW: u64 = 0; // default to not renewing early -pub const DEFAULT_CERT_RENEW_DELAY: u64 = 1_814_400; // 1_814_400 is 3 weeks (3 * 7 * 24 * 60 * 60) +pub const DEFAULT_CERT_RENEW_DELAY: u64 = 30 * 24 * 60 * 60; // 30 days pub const DEFAULT_PK_FILE_MODE: u32 = 0o600; pub const DEFAULT_ACCOUNT_FILE_MODE: u32 = 0o600; pub const DEFAULT_KP_REUSE: bool = false; diff --git a/man/en/acmed.toml.5 b/man/en/acmed.toml.5 index 20edcc7..35b6ba6 100644 --- a/man/en/acmed.toml.5 +++ b/man/en/acmed.toml.5 @@ -315,7 +315,7 @@ section. By default, this is disabled, or rather, the time frame is set to 0. .It Cm renew_delay Ar string Period of time between the certificate renewal and its expiration date. The format is described in the .Sx TIME PERIODS -section. Default is 3w. +section. Default is 30d. .It Cm root_certificates Ar array Array containing the path to root certificates that should be added to the trust store. .El