From 2ce182166755f6453f8cdf91aa8ff57a29df98c5 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sat, 22 Jun 2024 19:41:15 -0500
Subject: [PATCH] step-ca: Allow longer validity for ACME certificates

By default, step-ca issues certificates that are valid for only one day. This means that clients need to have multiple renew attempts scheduled throughout the day, otherwise, missing one could mean having their certificates expire. This is unnecessary, and not even possible in all cases, so let's make the default validity period longer and avoid the issue.
---
 step-ca/ca.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/step-ca/ca.json b/step-ca/ca.json
index 41fe141..9623ecc 100644
--- a/step-ca/ca.json
+++ b/step-ca/ca.json
@@ -25,7 +25,11 @@
 "provisioners": [
 {
 "type": "ACME",
- "name": "acme"
+ "name": "acme",
+ "claims": {
+ "maxTLSCertDuration": "744h",
+ "defaultTLSCertDuration": "168h"
+ }
 },
 {
 "type": "OIDC",
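Review bot: The new `claims` object on the ACME provisioner sets `"maxTLSCertDuration": "744h"`, which is well above the 168h default the commit message argues for, and nothing in the hunk compensates for the longer exposure window. If this CA depends on short lifetimes rather than an active revocation mechanism such as a CRL (the rest of ca.json is outside the hunk, so that cannot be confirmed here), a leaked private key for an ACME-issued certificate would stay usable for up to 31 days instead of one. Unless a known client needs the longer value, capping the maximum at the default with `"maxTLSCertDuration": "168h"` keeps the renewal relief without letting a client that asks for a longer lifetime get a month-long certificate. Since ca.json cannot carry comments, the reason for whichever ceiling is chosen belongs in the commit message or the repository's documentation.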