When we first launched Oh Dear, we had a fixed certificate expiration timer: 14 days. As soon as the expiration date came within 14 days, we'd start sending a daily reminder to hurry up and renew those certificates.
Our first exception was made when Let's Encrypt gained more in popularity. We started notifying Let's Encrypt certificates 7 days before expiration date. The reason there was most auto-renewal systems will kick in 14 days before expiration date, our default threshold was just at that edge and caused us to send renewal reminders right around the time most scripts would renew automatically.
This 7/14 split worked pretty well for a long time and served most of our customers. But we understand not all renewals are as simple as that.
Because internal rules or validations might take longer, we're adding a custom setting per site that allows you to inrease or shorten the threshold for when you want to start receiving renewal reminders for your
SSL TLS certificates.
You can now choose any number of days you'd like, whatever suits your need.
For Extended Validation certificates or Organization Validated certificates, we recommend a safety net of 30 days.