On 2020/12/16 11:47, Renaud Allard wrote:
> On 12/16/20 11:13 AM, Janne Johansson wrote:
> > 
> > But it is a local check for the local date vs the date in the
> > certificate, and perhaps your box is not on at 03:00 on Saturdays as you
> > thought 3 months ago.
> > 
> 
> If your clock is 3 months off, it could also be off the other way round.
> That means you would try to renew every hour and get blacklisted for hitting
> rate limits. I don't think the example crontab should take into account a
> wrong config in the first place.
> 

JJ isn't talking about the clock being set incorrectly, he's talking
about the machine being turned off. Even part-time servers (say, a test
server running on a laptop) may still need a signed certificate.

If the machine clock is correct then there's no issue, it is a very
quick local file check only.

If the clock is incorrect then, for Let's Encrypt, the relevant limit is
the Duplicate Certificate limit, which is 5 per week, so a daily check
will still trip this. I'd argue that it is better to know sooner rather
than later if there is a problem as it will give you more time to fix it
before the certificate expires.
