Incorrect “Renew” date shown in acme.sh --list when using --cert-profile shortlived #6633
Description
Hello,
I’m testing Let’s Encrypt’s new IP address certificates using the short-lived ACME profile on the staging environment.
According to the official announcement from Let’s Encrypt:
https://letsencrypt.org/2025/07/01/issuing-our-first-ip-address-certificate
The certificate issuance works perfectly with acme.sh.
Here is the command I used:
acme.sh --issue -d 193.42.XXX.XXX \
--webroot /var/www/acme \
--cert-profile shortlived \
--server https://acme-staging-v02.api.letsencrypt.org/directory \
--forceThe IP certificate is created without any problem.
However, when I run:
acme.sh --listI get the following line:
Main_Domain KeyLength SAN_Domains Profile CA Created Renew
193.42.XXX.XXX "ec-256" no shortlived LetsEncrypt.org_test 2025-11-22T14:31:00Z 2026-01-20T14:31:00Z
The issue is with the Renew value.
Since short-lived IP certificates issued by Let’s Encrypt staging are valid for about 160 hours (≈6–7 days), the “Renew” date shown by acme.sh is incorrect. It displays a renewal time as if the certificate lasted 90 days.
This makes the renewal logic misleading when using:
--cert-profile shortlived- Let’s Encrypt’s short-lived IP certificate profile
Expected behavior:
When the certificate profile is shortlived, the “Renew” date should respect the actual validity of the cert (e.g., ~6–7 days), not the default 90-day schedule.
This would ensure automatic renewal behaves correctly and the displayed information matches the real certificate validity.
Thank you for your work on acme.sh.