Let's Encrypt implemented an extension for coordinating certificate renewals

Let's Encrypt, a non-commercial CA controlled by the community and providing certificates free of charge to everyone, has announced support in its infrastructure for ARI (ACME Renewal Information), an extension of the ACME protocol that lets the CA tell the client that a certificate needs to be renewed and recommend the best time to renew it. The ARI specification is being standardized by the IETF (Internet Engineering Task Force), the body that develops the protocols and architecture of the Internet, and is currently at the draft review stage.

Before ARI, the client alone determined the certificate renewal policy, for example by periodically running the renewal process from cron, or by deciding based on the certificate's remaining lifetime. This approach caused difficulties when certificates had to be revoked early: users had to be contacted by email and forced to perform a manual renewal.

The ARI extension lets the client obtain a recommended certificate renewal time from the CA, so it need not be tied to the 90-day certificate lifetime and need not worry that an unscheduled certificate revocation might be missed. For example, in the case of an early revocation through ARI, the update might be triggered after 90 days instead of 60. In addition, ARI lets Let's Encrypt smooth out peak load on its servers by choosing renewal times based on the load of the infrastructure. The client fetches the renewal information for a certificate and receives a suggested renewal window, for example:

    GET https://example.com/acme/renewal-info/

    {
      "suggestedWindow": {
        "start": "2023-03-27T00:00:00Z",
        "end": "2023-03-29T00:00:00Z"
      }
    }
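As an added illustration that is not part of the original article or of any ACME client, the following Python snippet shows how a client could consume a suggestedWindow like the one above: it parses the window, picks a uniformly random instant inside it (the spreading behaviour the ARI draft recommends, which is what lets the CA smooth its load), and treats a chosen time that is already in the past as an instruction to renew immediately (how an early revocation that moved the window backwards gets picked up without an operator email). The sample response is constructed to match the article's example; the function names are hypothetical.

```python
from __future__ import annotations

import json
import random
from datetime import datetime, timedelta, timezone

# Constructed sample ARI response, modelled on the suggestedWindow shown above.
SAMPLE_ARI_RESPONSE = json.dumps({
    "suggestedWindow": {
        "start": "2023-03-27T00:00:00Z",
        "end": "2023-03-29T00:00:00Z",
    }
})


def parse_rfc3339(ts: str) -> datetime:
    """Parse an RFC 3339 timestamp; fromisoformat() rejects a trailing 'Z' before 3.11."""
    if ts.endswith("Z"):
        ts = ts[:-1] + "+00:00"
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        raise ValueError("ARI timestamps must carry a timezone")
    return dt.astimezone(timezone.utc)


def parse_suggested_window(body: str) -> tuple[datetime, datetime]:
    """Extract (start, end) from a renewal-info response body, validating its shape."""
    data = json.loads(body)
    window = data["suggestedWindow"]
    start = parse_rfc3339(window["start"])
    end = parse_rfc3339(window["end"])
    if end <= start:
        raise ValueError("suggestedWindow end must be after start")
    return start, end


def pick_renewal_time(start: datetime, end: datetime,
                      rng: random.Random | None = None) -> datetime:
    """Choose a uniformly random instant in [start, end] so clients do not renew in lockstep."""
    rng = rng or random.Random()
    span = (end - start).total_seconds()
    return start + timedelta(seconds=rng.uniform(0, span))


def plan_renewal(body: str, now: datetime,
                 rng: random.Random | None = None) -> tuple[datetime, bool]:
    """Return (chosen_time, renew_now).

    renew_now is True when the chosen instant is not in the future, which also covers a
    window the CA has moved entirely into the past after an early revocation.
    """
    start, end = parse_suggested_window(body)
    chosen = pick_renewal_time(start, end, rng)
    return chosen, now >= chosen


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    chosen, due = plan_renewal(SAMPLE_ARI_RESPONSE, now)
    print(f"renew at {chosen.isoformat()}; due now: {due}")
```

A real client would re-fetch the renewal-info resource periodically rather than trusting a single response, since the CA may move the window forward (an early revocation) at any time; the decision logic above is what runs on each poll.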

Source: opennet.ru
