Extend validity of let's encrypt certificate

NethServer Version: 7.3
Module: lets encrypt

Hi all,
Im using NS7 as my homeserver for web, mail and some other cool stuff. For encryption of course letsencrypt is being used.
By default, a certificate has a validity of 3 months, and after that, it’s automatically renewed. Great feature! But after a renewal, my whole family has to accept the new certificate, both for sending and receiving mail on smartphone, ipad, laptop, etc. That’s a bit often for the use I make of it.
Is it possible to extend the lifetime of a cert to 6 months, or even a year?
I’ve found the .conf file in /etc/letsencrypt/renewal but that doesn’t say anything on validity.
Anyone?

AFAIK, when the certificate is renewed, you shouldn’t have to confirm it in the various devices…

Do you using the same host name in the clients configuration and in the certificate generation?
For example if you have created the certificate with the host name mail.example.com you sould use the same mail.example.com in smtp/imap configuration.

The default of validity of 3 mont is imposed by Let’s Encrypt: https://letsencrypt.org/2015/11/09/why-90-days.html

1 Like

Thx for your answer.
I think go nailed it: I may have used IP’s in some configs rather then hostnames, and therefore the new certificate needs to be explicitly trusted.
I’ll look into that (as soon as I can lay hands on all devices…). And indeed, as the link you post explains: once all is fully automated, it’s no issue how long a crt remains valid.

2 Likes