Maybe I'm just not searching for the right thing, but I'm curious that if I set up Ignition to use self-signed certificates internally, will they auto-renew when or before they expire, or is this a manual function? By default they're valid for 1 year, so I could also extend it out to like 10 years or longer (is there a limit), but I know this isn't always best practice.
We'll be doing this for 2 scenarios. One would be where we have a server that is isolated from the internet and the end customer doesn't have any IT experience and I don't want an expired certificate from causing issues of them losing access because of an expired certificate. The other scenario is where we have a load balancer/reverse proxy in front of the server which handles all SSL termination, so this will only be encrypting data between the front end and proxy/LB, so I don't need a paid certificate as a self-signed is good enough for what we need. (reverse proxy/LB has auto-renewing LetsEncrypt certificate).