Switch to a default renew_delay of 30d

This is in line with the recommendations of the Let's Encrypt integration guide, and the default most other clients implement as well.
2 years ago · 9502acf6e7
2 changed files with 2 additions and 2 deletions
--- a/acmed/src/main.rs
+++ b/acmed/src/main.rs
@ -38,7 +38,7 @@ pub const DEFAULT_CSR_DIGEST: HashFunction = HashFunction::Sha256;
 pub const DEFAULT_CERT_KEY_TYPE: KeyType = KeyType::Rsa2048;
 pub const DEFAULT_CERT_FILE_MODE: u32 = 0o644;
 pub const DEFAULT_CERT_RANDOM_EARLY_RENEW: u64 = 0; // default to not renewing early
-pub const DEFAULT_CERT_RENEW_DELAY: u64 = 1_814_400; // 1_814_400 is 3 weeks (3 * 7 * 24 * 60 * 60)
+pub const DEFAULT_CERT_RENEW_DELAY: u64 = 30 * 24 * 60 * 60; // 30 days
 pub const DEFAULT_PK_FILE_MODE: u32 = 0o600;
 pub const DEFAULT_ACCOUNT_FILE_MODE: u32 = 0o600;
 pub const DEFAULT_KP_REUSE: bool = false;
--- a/man/en/acmed.toml.5
+++ b/man/en/acmed.toml.5
@ -315,7 +315,7 @@ section. By default, this is disabled, or rather, the time frame is set to 0.
 .It Cm renew_delay Ar string
 Period of time between the certificate renewal and its expiration date. The format is described in the
 .Sx TIME PERIODS
-section. Default is 3w.
+section. Default is 30d.
 .It Cm root_certificates Ar array
 Array containing the path to root certificates that should be added to the trust store.
 .El