Docs feedback: "Automatic Let’s Encrypt Renewal" misleading info
https://docs.gitlab.com/12.7/omnibus/settings/ssl.html#automatic-lets-encrypt-renewal
Explicitly set renewal times by adding the following to /etc/gitlab/gitlab.rb:
This line seems to imply that the certificate will be renewed according to the specified schedule. However, much to my surprise, this doesn't seem to be the case. I configured it to update the first of every month, yet I received an email stating that my certificate is about to expire in 20 days.
According to this issue comment, the certificate only gets renewed if it is about to expire within 30 days. Thus, if you set it to renew the 1st of every month at 00:00 and the certificate expires on the 31st, the certificate will expire before being renewed, which is bad.
Two things:
- The docs should be updated to include this within-30-days limit.
- There should be an option modify the limit.