🚀: Allow manual ACME certificate refresh

[i404788]

Which feature or improvement would you like to request?

I'd like to be able to manually request a certificate refresh for the ACME requested certs (maybe listing/deleting them makes more sense?).

Is your feature request related to a problem?

Currently it is not possible to properly refresh ACME certificates, this becomes an issue when you end up with an invalid cert.

For example I've gotten a cert with 40B70C88E17F0000:error:0A00007B:SSL routines:tls_process_cert_verify:bad signature:ssl/statem/statem_lib.c:581: from letsencrypt from their E5 CN (reason unknown). Even though all fields were valid.

I suppose alternatively stalwart could check if it's own certs are valid but I'm not sure what complexity that has.

Currently there is a workaround by setting the ACME provider's "Renew before" to the entire validity duration of the cert (90 days in case of letsencrypt), and then quickly resetting it to the desired value; this will refresh all covered certs though. Given there is a workaround that works (if you know how, and don't mind the noise), I would call this fairly low-priority.

Code of Conduct

• I agree to follow this project's Code of Conduct

[xenadmin]

I had the very same issue while setting up stalwart just a few days ago.
It's quite annoying, that you get zero information about the ACME certificates itself, in the webadmin GUI.

Source and my discoveries: https://discord.com/channels/923615863037390889/1334292520175403038