Alter TLS renewal period

docs/content/https/acme.md

@@ -847,14 +847,14 @@ _Optional, Default=2160_
 
 It defaults to `2160` (90 days) to follow Let's Encrypt certificates' duration.
 
-| Certificate Duration | Renew Period      | Renew Interval          |
-|----------------------|-------------------|-------------------------|
-| >= 1 year            | 4 months          | 1 week                  |
-| >= 90 days           | 30 days           | 1 day                   |
-| >= 30 days           | 10 days           | 12 hours                |
-| >= 7 days            | 1 day             | 1 hour                  |
-| >= 24 hours          | 6 hours           | 10 min                  |
-| < 24 hours           | 20 min            | 1 min                   |
+| Certificate Duration | Renew Period | Renew Interval |
+|----------------------|--------------|----------------|
+| >= 1 year            | 4 months     | 1 week         |
+| >= 90 days           | 30 days      | 1 day          |
+| >= 30 days           | 10 days      | 12 hours       |
+| >= 6 days            | 2 days       | 2 hours        |
+| >= 24 hours          | 6 hours      | 10 min         |
+| < 24 hours           | 20 min       | 1 min          |
 
 !!! warning "Traefik cannot manage certificates with a duration lower than 1 hour."
 

pkg/provider/acme/provider.go

@@ -809,8 +809,8 @@ func getCertificateRenewDurations(certificatesDuration int) (time.Duration, time
 		return 30 * 24 * time.Hour, 24 * time.Hour // 30 days, 1 day
 	case certificatesDuration >= 30*24: // >= 30 days
 		return 10 * 24 * time.Hour, 12 * time.Hour // 10 days, 12 hours
-	case certificatesDuration >= 7*24: // >= 7 days
-		return 24 * time.Hour, time.Hour // 1 days, 1 hour
+	case certificatesDuration >= 6*24: // >= 6 days
+		return 2 * 24 * time.Hour, 2 * time.Hour // 2 days, 2 hours
 	case certificatesDuration >= 24: // >= 1 days
 		return 6 * time.Hour, 10 * time.Minute // 6 hours, 10 minutes
 	default:

pkg/provider/acme/provider_test.go

@@ -612,6 +612,12 @@ func Test_getCertificateRenewDurations(t *testing.T) {
 			expectRenewPeriod:     time.Hour * 24 * 30,
 			expectRenewInterval:   time.Hour * 24,
 		},
+		{
+			desc:                  "45 Days certificates (Let's Encrypt 2028 standard): 10 days renew period, 12 hour renew interval",
+			certificatesDurations: 24 * 45,
+			expectRenewPeriod:     time.Hour * 24 * 10,
+			expectRenewInterval:   time.Hour * 12,
+		},
 		{
 			desc:                  "30 Days certificates: 10 days renew period, 12 hour renew interval",
 			certificatesDurations: 24 * 30,
@@ -619,10 +625,16 @@ func Test_getCertificateRenewDurations(t *testing.T) {
 			expectRenewInterval:   time.Hour * 12,
 		},
 		{
-			desc:                  "7 Days certificates: 1 days renew period, 1 hour renew interval",
+			desc:                  "7 Days certificates: 2 days renew period, 2 hour renew interval",
 			certificatesDurations: 24 * 7,
-			expectRenewPeriod:     time.Hour * 24,
-			expectRenewInterval:   time.Hour,
+			expectRenewPeriod:     time.Hour * 24 * 2,
+			expectRenewInterval:   time.Hour * 2,
+		},
+		{
+			desc:                  "160 hour certificate (Let's Encrypt 'shortlived' profile): 2 days renew period, 2 hour renew interval",
+			certificatesDurations: 160,
+			expectRenewPeriod:     time.Hour * 24 * 2,
+			expectRenewInterval:   time.Hour * 2,
 		},
 		{
 			desc:                  "24 Hours certificates: 6 hours renew period, 10 minutes renew interval",