Integrated the renewal_window_ratio parameter into the Caddyfile syntax

[nicocau]

Issue Details

I need to adjust the TLS certificate renewal window (e.g., to renew 15 days before expiry instead of the default 30 days).

While this is possible in the JSON configuration via apps/tls/automation/policies/renewal_window_ratio, it is not currently exposed in the Caddyfile.

To achieve this today, I am forced to abandon the Caddyfile workflow entirely or use complex scripts to caddy adapt, inject the JSON field via jq, and then run the JSON. This adds significant friction for a parameter that is relatively simple.

I would like to be able to configure the renewal ratio directly within the Global Options block of the Caddyfile.

Proposed syntax:

{
    # Example: Renew when 15% of lifetime remains (approx 13-14 days for Let's Encrypt)
    renewal_window_ratio 0.1666 
}

Thank you in advance for considering my request.

Assistance Disclosure

AI used

If AI was used, describe the extent to which it was used.

Gemini to help writing the issue

[francislavoie]

This is the first I hear of anyone wanting to change this. What's your usecase for changing the renewal window? Why not renew early as per Let's Encrypt recommendation? In fact, with ARI, this property will often be ignored because the issuer will tell the client when to perform renewal instead.

That said, I have no problem with adding Caddyfile support, but I want to understand why you need this in the first place.

[nicocau]

Thanks for getting back to me.

You are right, this is a specific edge case compared to public CAs like Let's Encrypt.

My use case involves a private PKI (exposing an ACME server) where we are billed per issued certificate.

Because of the billing model, we are required to delay renewal until about 15 days before expiration to optimize costs and avoid over-billing.

The certificates have a 1-year validity. Since Caddy attempts renewal at the 2/3 mark (approx. day 243 for a 1-year cert), we end up "losing" about 228 days of validity per cycle.

Regarding ARI, our internal ACME server does not support it yet, so we currently rely on the client's configuration to manage the renewal window.

Having Caddyfile support for this would allow us to enforce that 15-day window without needing a custom build or complex JSON config.

[mholt]

Fair enough, happy to accept a PR for this!

[mehrdadbn9]

Hi maintainers

i would like that assing it to me i appreciate kindness

[francislavoie]

We don't assign things. Just work on it if you want.

[mehrdadbn9]

Sure, i would do it tnx for saying it

…

On Thu, Feb 12, 2026, 10:45 PM Francis Lavoie ***@***.***> wrote: *francislavoie* left a comment (caddyserver/caddy#7467) <#7467 (comment)> We don't assign things. Just work on it if you want. — Reply to this email directly, view it on GitHub <#7467 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ATDCU24D6NZDMRJ7KBL3VK34LTGOPAVCNFSM6AAAAACUXPMVRGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTQOJSHEYDIOBSG4> . You are receiving this because you commented.Message ID: ***@***.***>