Do certificates automatically renew?
Yes, SSLcat fully supports automatic certificate renewal. This is one of SSLcat's core features, ensuring your HTTPS service will never be interrupted due to certificate expiration.
Automatic Renewal Mechanism
SSLcat's automatic renewal mechanism is based on the following principles:
- Early renewal - Automatic renewal starts 30 days before certificate expiration
- ACME protocol - Uses the standard ACME protocol to communicate with Let's Encrypt
- Zero downtime - Service is not interrupted during renewal
- Failure retry - Automatically retries on renewal failure, up to 3 attempts
Renewal Schedule
SSLcat follows this schedule for certificate renewal:
- 30 days before - First renewal attempt
- 15 days before - Retry if first attempt fails
- 7 days before - Final renewal attempt
- 1 day before - Send alert notification (if still unsuccessful)
Renewal Process
Detailed certificate renewal process:
- Check certificate status - Regularly check certificate expiration time
- Trigger renewal - Trigger renewal process 30 days before expiration
- Domain validation - Re-validate domain ownership
- Apply for new certificate - Apply for new certificate from Let's Encrypt
- Install certificate - Automatically install new certificate to server
- Restart service - Gracefully restart service to load new certificate
- Verify success - Verify new certificate is working properly
Configuration Options
You can adjust automatic renewal behavior through the configuration file:
# Certificate configuration
certificates:
  auto_renewal:
    enabled: true
    renew_before_days: 30  # Days before renewal
    max_retries: 3         # Maximum retry attempts
    retry_interval: 24     # Retry interval (hours)
# Let's Encrypt configuration
letsencrypt:
  staging: false           # Whether to use staging environment
  email: "admin@example.com"
  agree_tos: true
Monitoring and Logging
SSLcat provides detailed certificate renewal logs:
- Renewal start - Records renewal start time
- Validation process - Records domain validation process
- Certificate status - Shows new certificate details
- Renewal result - Records renewal success or failure
- Error information - Detailed error messages and solutions
Alert Notifications
SSLcat supports multiple alert notification methods:
- Email notification - Send emails to administrator mailbox
- Webhook - Send HTTP requests to specified URL
- Log recording - Record important events in logs
- Admin panel - Display status in web management interface
Troubleshooting
If automatic renewal fails, possible causes include:
- Domain resolution issues - Check if domain resolves correctly to server
- Port access issues - Ensure ports 80 and 443 are accessible
- Let's Encrypt limits - Check if Let's Encrypt rate limits are reached
- Network connection issues - Check server network connection
- Configuration errors - Verify configuration file settings
Manual Renewal
If you need to manually trigger certificate renewal:
# Manually renew all certificates
sslcat --renew-all
# Renew specific domain
sslcat --renew-domain example.com
# Check certificate status
sslcat --check-certificates
Certificate Backup
SSLcat automatically backs up certificate files:
- Automatic backup - Automatically backs up old certificates before renewal
- Version management - Retains the latest 5 versions of certificates
- Quick recovery - Supports quick recovery to previous certificates
- Export functionality - Supports exporting certificates to other systems
Best Practices
Recommendations for using automatic renewal:
- Monitor logs - Regularly check renewal logs
- Set up alerts - Configure email or Webhook alerts
- Test environment - Test renewal functionality in staging first
- Backup strategy - Regularly back up certificate files
- Network checks - Ensure stable server network connection
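An external watchdog can back up these recommendations by reading the certificate a server actually presents and mapping its remaining lifetime onto the 30/15/7/1-day renewal schedule described earlier. This is an added example, not SSLcat code; the function names, the status labels and the sample dates are assumptions made for the illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Thresholds (days before expiry) taken from the renewal schedule on this page.
SCHEDULE = [
    (1, "critical: alert stage reached, renewal has not succeeded"),
    (7, "final attempt due: the 30- and 15-day attempts did not succeed"),
    (15, "retry due: the first attempt did not succeed"),
    (30, "renewal window open: first attempt due"),
]


def days_left(not_after: str, now: datetime) -> float:
    """Days until expiry. not_after uses the 'Jun  1 12:00:00 2025 GMT' form
    returned by ssl.SSLSocket.getpeercert()."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).total_seconds() / 86400


def renewal_stage(not_after: str, now: datetime) -> str:
    remaining = days_left(not_after, now)
    if remaining <= 0:
        return "expired"
    for threshold, label in SCHEDULE:  # tightest threshold first
        if remaining <= threshold:
            return label
    return "ok: outside the renewal window"


def served_not_after(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Fetch notAfter from the certificate the server presents on the wire."""
    # The default context verifies the chain, so an expired or untrusted
    # certificate raises ssl.SSLCertVerificationError; treat that as an alert.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    now = datetime(2025, 5, 20, 12, 0, 0, tzinfo=timezone.utc)  # constructed clock
    for sample in ("Aug  1 12:00:00 2025 GMT", "Jun 10 12:00:00 2025 GMT",
                   "May 25 12:00:00 2025 GMT", "May 19 12:00:00 2025 GMT"):
        print(sample, "->", renewal_stage(sample, now))
```

In production, pass `datetime.now(timezone.utc)` and the output of `served_not_after("your.domain")` to `renewal_stage`, and run the check from a host other than the one running SSLcat.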
Let's Encrypt Limits
Understand Let's Encrypt usage limits:
- Certificate count - Maximum 50 certificates per domain per week
- Subdomain limit - Maximum 100 subdomains per domain
- Wildcard certificates - Requires DNS validation
- Rate limits - Maximum 5 failed validations per hour
With SSLcat's automatic renewal feature, you don't need to worry about certificate expiration at all and can focus on business development.