Comment by halifaxbeard
1 day ago
> 8 lets me refresh weekly and have a fixed day of the week to check whether there was some API 429 timeout
There’s your answer.
6 days means on a long enough enough timeframe the load will end up evenly distributed across a week.
8 days would result in things getting hammered on specific days of the week.
> 6 days means on a long enough enough timeframe the load will end up evenly distributed across a week.
people will put */5 in cron and result will be same, because that's obvious, easy and nice number.
If they put */5 in cron, a single error response will break their site and the beginning of March will also break their site.
and they will replace it with * and just do it every day just in case
2 replies →
I'd have it renew Monday and Thursday to avoid weekend outages.
If I would use short-lived certs I would make sure to choose an ACME client that has support for ARI (ACME Renewal Information). Then the CA will tell the client when it’s time to renew.
ACME doesn't renew certificates when there's enough time, so it'll always renew around 6 days, even if you check more aggressively.
Currently ACME sets its cron job to 12 days on 90 day certificates.
Which ACME client are you referring to?
I thought people generally run it daily? It’s a no-op if it doesn’t need renewal.
so now people that want humans around will now renew twice in a week instead of once?
Oh definitely not. They don't want humans doing any renewals.