Allow renew time relative to the expiration date by AlexanderS · Pull Request #4457 · acmesh-official/acme.sh

AlexanderS · 2023-01-04T16:47:03Z

You can now set a negative value for days, that will be subtracted from the expiration date of the generated certificate.

This will fix #3413.

AlexanderS · 2023-01-09T11:28:14Z

I do not think, the error of the pipeline is related to the pull request.

saudiqbal · 2025-03-09T20:58:52Z

Any update on this PR?

saudiqbal · 2025-06-30T17:29:38Z

??? Nothing?

heiko3 · 2025-07-01T07:12:23Z

Unfortunately, there has been no response to the pull request yet. We've been using this change in production for a long time, and it works very well. Given the different expiration times for server certificates at different CAs, this is very helpful, and the expiration times will continue to change in the future, so this change is very important for automation.
It's a shame that the pull request hasn't been implemented yet.

saudiqbal · 2025-07-01T17:16:18Z

Looks like someone else needs to take over this project, acmesh-official is not doing anything for pull requests.

lukastribus · 2025-07-01T20:34:01Z

Ultimately #4944 ARI support is going to fulfill this need in most cases, I can see that the work has already began.

The change in this PR would still be useful nonetheless of course.

saudiqbal

Please approve the PR for relative expiry date.

saudiqbal · 2025-11-20T09:03:54Z

PR still not accepted!

AlexanderS · 2026-04-29T10:36:57Z

@neilpang Any comments on this? Did you maybe miss this PR by accident?

neilpang · 2026-05-01T08:48:42Z

please also add thie usage in the showhelp() method, so that everyone knows it can be negative numbers.

Copilot

Pull request overview

Adds support for configuring certificate renewal scheduling relative to the certificate’s expiration date (by allowing negative Le_RenewalDays), addressing scenarios with long-lived certificates (e.g., 1-year ACME certs) as described in #3413.

Changes:

Introduces _enddate() to read notAfter from an issued certificate via OpenSSL.
Introduces _ssldate2time() to convert OpenSSL -enddate output into epoch seconds.
Updates next-renew-time calculation to support negative Le_RenewalDays as “expire time + (negative days)”.

AlexanderS · 2026-05-01T13:42:17Z

I have updated the PR and included the various suggestions from Copilot (although the extensive error checking does not align with other parts of the code).

You can now set a negative value for days, that will be subtracted from the expiration date of the generated certificate.

_enddate is also a function and it is better to use different names for functions and variables for better maintainability.

* Allow renew time relative to the expiration date

AlexanderS force-pushed the feature/relativ-renew branch from 5dda252 to b84acb6 Compare January 23, 2023 15:11

AlexanderS force-pushed the feature/relativ-renew branch from b84acb6 to 4d9d59a Compare March 13, 2023 11:33

saudiqbal mentioned this pull request Nov 7, 2024

Can I use negative value for days for relative renew date? #6084

Open

saudiqbal mentioned this pull request Jul 1, 2025

acme.sh not handling all status mentioned in RFC 8555 #6402

Closed

saudiqbal approved these changes Jul 4, 2025

View reviewed changes

saudiqbal mentioned this pull request Oct 18, 2025

Feature Request: Enforce --days renewal schedule and add pre-issuance validity check #6570

Open

saudiqbal mentioned this pull request Jan 12, 2026

Fix: Honor --days flag for short-lived certificates #6572

Open

neilpang force-pushed the feature/relativ-renew branch from 4d9d59a to 3e601f5 Compare May 1, 2026 08:44

neilpang requested a review from Copilot May 1, 2026 08:45

Copilot started reviewing on behalf of neilpang May 1, 2026 08:46 View session

Copilot AI reviewed May 1, 2026

View reviewed changes

Comment thread acme.sh Outdated

Comment thread acme.sh Outdated

Comment thread acme.sh Outdated

Comment thread acme.sh Outdated

AlexanderS force-pushed the feature/relativ-renew branch from 3e601f5 to e081347 Compare May 1, 2026 13:37

Alexander Sulfrian added 5 commits May 1, 2026 16:00

Allow renew time relative to the expiration date

32b2217

You can now set a negative value for days, that will be subtracted from the expiration date of the generated certificate.

Add note to help message about negative days

d2ae323

Fix grammar of error message

90c883a

Use better variable name for _enddate

67d9d6f

_enddate is also a function and it is better to use different names for functions and variables for better maintainability.

Better error checking for parsing enddate of cert

4c79890

neilpang force-pushed the feature/relativ-renew branch from e081347 to 4c79890 Compare May 1, 2026 14:00

neilpang merged commit e7ec2f0 into acmesh-official:dev May 1, 2026
34 of 36 checks passed

AlexanderS deleted the feature/relativ-renew branch May 1, 2026 14:05

neilpang pushed a commit that referenced this pull request May 2, 2026

Allow renew time relative to the expiration date (#4457)

3230d00

* Allow renew time relative to the expiration date

lukastribus mentioned this pull request May 5, 2026

Consider to use openssl -enddate to determine certificate renewal #3413

Open

Uh oh!

Conversation

AlexanderS commented Jan 4, 2023

Uh oh!

AlexanderS commented Jan 9, 2023

Uh oh!

saudiqbal commented Mar 9, 2025

Uh oh!

saudiqbal commented Jun 30, 2025

Uh oh!

heiko3 commented Jul 1, 2025

Uh oh!

saudiqbal commented Jul 1, 2025

Uh oh!

lukastribus commented Jul 1, 2025

Uh oh!

saudiqbal left a comment

Choose a reason for hiding this comment

Uh oh!

saudiqbal commented Nov 20, 2025

Uh oh!

AlexanderS commented Apr 29, 2026

Uh oh!

neilpang commented May 1, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

AlexanderS commented May 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants