-
-
Notifications
You must be signed in to change notification settings - Fork 5.1k
Validity
The ACME protocol supported the NotBefore and NotAfter fields of the cert.
And some of the CAs supported this feature. (The Letsencrypt CA doesn't support it for now)
There are 2 command options to use:
- The
--valid-to <date time>option, which is forNotAfterfield. - The
--valid-from <date time>option, which is forNotBeofrefield.
Usage:
acme.sh --issue -d example.com -dns dns_cf --valid-to "2022-04-01T08:10:33Z"
The value of --valid-to is an absolute date time in the future. The issued cert will expire on that time(NotAfter).
Please be careful about the date time format, it Must be exact format used above.
You can also use a relative date time format:
# This cert will only be valid for `10` days.
acme.sh --issue -d example.com --dns dns_cf --valid-to "+10d"
# This cert will be valid for `30` hours.
acme.sh --issue -d example.com --dns dns_cf --valid-to "+30h"
Please be careful about the format, there are only +*d (for days) and +*h (for hours) supported for now. Any other format will not be accepted.
If the lifetime is measured in hours, you need to change the default crontab to run acme.sh every an hour:
0 * * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
acme.sh --issue -d example.com --dns dns_cf --valid-from "2022-04-01T08:10:33Z"
The cert time will be valid start from "2022-04-01T08:10:33Z".
You can also use the relative time format:
#The cert will be valid after 2 hours:
acme.sh --issue -d example.com --dns dns_cf --valid-from "+2h"
#The cert will be valid after 1 day:
acme.sh --issue -d example.com --dns dns_cf --valid-from "+1d"
Buy me a beer, Donate to acme.sh if it saves your time. Your donation makes acme.sh better: https://donate.acme.sh/
如果 acme.sh 帮你节省了时间,请考虑赏我一杯啤酒🍺, 捐助: https://donate.acme.sh/ 你的支持将会使得 acme.sh 越来越好. 感谢