step ca renew
step ca renew – renew a valid certificate
step ca renew
step ca renew command renews the given certificates on the certificate
authority and writes the new certificate to disk either overwriting
or using a new file if the –out=
file flag is used.
- The certificate in PEM format that we want to renew.
- They key file of the certificate.
URIof the targeted Step Certificate Authority.
- The path to the PEM
fileused as the root certificate authority.
- The new certificate
filepath. Defaults to overwriting the
durationcheck that will be performed before renewing the certificate. The certificate renew will be skipped if the time to expiration is greater than the passed one. A random jitter (duration/20) will be added to avoid multiple services hitting the renew endpoint at the same time. The
durationis a sequence of decimal numbers, each with optional fraction and a unit suffix, such as “300ms”, “-1.5h” or “2h45m”. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”.
- Force the overwrite of files without asking.
Renew a certificate with the configured CA:
$ step ca renew internal.crt internal.key Would you like to overwrite internal.crt [Y/n]: y
Renew a certificate without overwriting the previous certificate:
$ step ca renew --out renewed.crt internal.crt internal.key
Renew a certificate forcing the overwrite of the previous certificate:
$ step ca renew --force internal.crt internal.key
Renew a certificate providing the
$ step ca renew --ca-url https://ca.smallstep.com:9000 \ --root /path/to/root_ca.crt internal.crt internal.key Would you like to overwrite internal.crt [Y/n]: y
Renew skipped because it was too early:
$ step ca renew --expires-in 8h internal.crt internal.key certificate not renewed: expires in 10h52m5s