Hi everyone, I recently learned that after March 12, 2026, the maximum validity for public TLS/SSL certificates will be reduced to just 199 days. This has prompted me to consider automating our certificate management process. While we only manage a few certificates, handling them manually can be quite tedious. I'm curious about how others are approaching the automation of their certificates. What tools or methods do you recommend? Is there anything specific I should be aware of before diving into this?
5 Answers
Depending on your environment, you might find that tools like Ansible work well for you. Some setups utilize load balancers with public certs while keeping a longer-lifetime private PKI internally. Just make sure to plan ahead since cert lifetimes will be even shorter by 2029!
Honestly, for most cases, going with Let's Encrypt via Certbot or Acme.sh, and scheduling a cron job to renew every 60 days is the simplest approach. The short validity period won’t be an issue if you're proactive with renewals!
If you're looking for a hassle-free solution, I recommend using Traefik with Let's Encrypt, supported by your DNS provider. It automates certificate renewals for your microservices efficiently.
For those who prefer a GUI, Certify the Web and Win-Acme are solid choices to get started quickly. Also, you might consider using PowerShell scripts with the Posh-ACME module if you're in a Windows environment. It allows for generating new certificates a week before the current ones expire.
Using Certbot with Let's Encrypt is probably your best bet for automation. They support automatic DNS challenge certificates with a validity of 90 days, so you won’t have to worry too much about renewing all the time.
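An added example, not part of any answer above: a scheduled check to run alongside whichever ACME client does the renewing. It reads the output of `openssl x509 -noout -dates` and flags certificates that have entered their renewal window, so a silently failing renewal job is noticed before expiry. The one-third-of-lifetime window, the 7-day floor, the host names and the sample dates are assumptions constructed for illustration.

```python
import ssl

DAY = 86400

# Constructed output of `openssl x509 -noout -dates -in cert.pem` (not real certs).
SAMPLES = {
    "lb.example.test": "notBefore=Mar 16 00:00:00 2026 GMT\nnotAfter=Oct  1 00:00:00 2026 GMT\n",  # 199 days
    "api.example.test": "notBefore=Mar 16 00:00:00 2026 GMT\nnotAfter=Jun 14 00:00:00 2026 GMT\n",  # 90 days
}


def parse_dates(openssl_output):
    """Return (not_before, not_after) as epoch seconds from `-dates` output."""
    fields = {}
    for line in openssl_output.splitlines():
        key, sep, value = line.partition("=")
        if sep and key in ("notBefore", "notAfter"):
            fields[key] = ssl.cert_time_to_seconds(value.strip())
    if set(fields) != {"notBefore", "notAfter"}:
        raise ValueError("expected notBefore= and notAfter= lines")
    return fields["notBefore"], fields["notAfter"]


def renewal_status(not_before, not_after, now, fraction=1 / 3, floor_days=7):
    """Classify a certificate as 'ok', 'renew' or 'expired' at time `now`.

    The renewal window is the larger of `fraction` of the total lifetime and
    `floor_days` (both assumed policy values), so it scales with the
    validity period instead of being a fixed number of days.
    """
    if now >= not_after:
        return "expired", 0
    lifetime = not_after - not_before
    window = max(lifetime * fraction, floor_days * DAY)
    days_left = (not_after - now) // DAY
    return ("renew" if not_after - now <= window else "ok"), days_left


def audit(samples, now):
    """Map each host to (status, whole days left)."""
    return {host: renewal_status(*parse_dates(out), now) for host, out in samples.items()}


if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("May 20 00:00:00 2026 GMT")
    for host, (status, days) in audit(SAMPLES, now).items():
        print(f"{host}: {status} ({days} days left)")
```

In a cron job, feed it the live `openssl` output per certificate and alert on anything that is not `ok` after the ACME client has already had its chance to renew.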
