“Renewal schedule is Letsencrypt renewal” - this message is one of the hooks for our certificate renewal automation. We have started introducing it to some accounts now.
KeyChest renewal automation provides:
1. centralised control and overview of renewals
2. single management view of the status, with indication of potential errors or failures of "ACME clients" (e.g., this list at letsencrypt.org).
The configuration has several aspects that will be covered in separate articles, but the implementation focuses on 2 types of use-cases:
- Users who use free certificates provided by certification authorities such as Let's Encrypt or ZeroSSL.
- Users with enterprise accounts and ACME automation enabled
- Users with enterprise accounts and proprietary automation - will be added per customer request(s)
The hard bit of managing larger infrastructure is to orchestrate installation and updates of ACME clients. We have developed a separate service to help with this. We use Ansible as it's one of the most stable and trusted orchestration solutions.