-
Notifications
You must be signed in to change notification settings - Fork 5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
certificatesDuration not honored when getting certs from internal StepCA #10847
Comments
Thanks @easpeagle for opening this issue. The documentation needs to be improved. |
Okay... yeah, that's helpful to know. Traefik definitely needs a feature that allows a user to configure certificate lifetime during the request similar to the acme.sh feature "valid-to" option. |
That would indeed be very useful on some CAs. This won't work everywhere as some don't allow to configure such things (Let's Encrypt for example) If this is a feature you are willing to see in Traefik, please open a separate issue to track the proposal. |
refer to @jspdown comment before.
i need to improve the documentation by modify it to explain like the @jspdown explanation on the previous comment wdyt? |
You are welcome to contribute and we will be happy to review your PR. Don't hesitate to ask if you need some guidance. Thanks @peacewalker122 |
Welcome!
What did you do?
We have configured traefik (3.0.3) to pull certificates from our internal StepCA, which has a default cert lifetime of 24h. When we use the
certificatesDuration
parameter to set say 48 or 72 hour duration, we expect to get certificates with those lifetimes. We use this same CA with tools such as acme.sh and can configure what lifetime we want up to 90d.What did you see instead?
What we see is that no matter what value we give to
certificatesDuration
we only get 24h 1m certs. I can clearly see in the StepCA pod logs for new-order transactions a request for:\"notBefore\":\"2024-06-25T21:30:14Z\",\"notAfter\":\"2024-06-26T21:31:14Z\"
What version of Traefik are you using?
What is your environment & configuration?
If applicable, please paste the log output in DEBUG level
No response
The text was updated successfully, but these errors were encountered: