Skip to main content

Renewal settings

The renewal settings allow you to define the conditions for certificate renewal.

Example JSON: Renewal settings

Renew anytime

{
  ...
  "renewal_settings": {
    "renew_valid_cert": "anytime",
    "renew_expired_cert": "dont_allow",
    "renew_revoked_cert": true,
    "renewal_key_pair": "optional",
    "allow_override_renewal_key_pair": true
  }
}

Renew 30 days before expiration and up to two months after expiration

{
  ...
  "renewal_settings": {
    "renew_valid_cert": "in_specific_window",
    "renew_before_expiration_window": {
      "period": "days",
      "duration": 30
    },
    "renew_expired_cert": "in_specific_window",
    "renew_after_expiration_window": {
      "period": "months",
      "duration": 2
    },
    "renew_revoked_cert": true,
    "renewal_key_pair": "optional",
    "allow_override_renewal_key_pair": true
  }
}

Parameters: Renewal settings

Name	Type	Req/Opt	Description
renewal_settings	object	required	Renewal setting details
.. renew_valid_cert	string	optional	Define if and when a valid certificate can be renewed before it expires. Possible values: `Anytime`: can renew the certificate any time before expiration `in_specific_window` (default): can renew the certificate before it expires but only once the renewal window begins. The renewal window is defined in `renew_before_expiration_window`. `dont_allow`: cannot renew the certificate
.. renew_before_expiration_window	object	conditional	Before-expiration renewal window details. Required when `renew_valid_cert` is set to `in_specific_window`.
.. .. period	string	required	Duration unit for the before-expiration renewal window. Possible values: `minutes` `hours` `days` `months` `years`
.. .. duration	integer	required	Duration of the before-expiration renewal window. Possible values: Any positive integer
.. renew_expired_cert	string	optional	Define if and when an expired certificate can be renewed after it expires. Possible values: `anytime` (default): can renew expired certificates any time after expiration `in_specific_window`: can renew certificate after it expires but only until the renewal window ends. The renewal window is defined in the renew_after_expiration_window `dont_allow`: cannot renew certificate after it expires
.. renew_after_expiration_window	object	conditional	After-expiration renewal window details. Required when the `renew_expired_cert` is set to `in_specific_window`.
.. .. period	string	required	Duration unit for the after-expiration renewal window. Possible values: `minutes` `hours` `days` `months` `years`
.. .. duration	integer	required	Define the duration of the after-expiration window. Possible values: Any positive integer
.. renew_revoked_cert	boolean	optional	If true (default), can renew a revoked certificate. If false, cannot renew a revoked certificate.
.. renewal_key_pair	string	optional	Define if the same or new keypair can be used when renewing a certificate. Possible values: `optional` (default): same or new keypair can be used when renewing the certificate `always`: new keypair should be used when renewing the certificate `newer`: same keypair should be used when the renewing certificate
.. allow_override_renewal_key_pair	boolean	optional	If true (default), a certificate profile can override the `renewal_key_pair` configuration. If false, a certificate profile cannot override the `renewal_key_pair` configuration.

Was this helpful?