If I understand correctly, the needed fix here is to modify /usr/sbin /make-ssl-cert to add a --expiration-days=N option that passes the value to the -days arg in the last invocation of `openssl req`, maybe similar to what I've sketched in the attached (completely untested) patch?
** Patch added: "make-ssl-cert.patch" https://bugs.launchpad.net/ubuntu/+source/ssl-cert/+bug/1853021/+attachment/5306766/+files/make-ssl-cert.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1853021 Title: ssl-cert generate-default-snakeoil provides no way to override default 10 year expiration or reduce to 825 day expiration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ssl-cert/+bug/1853021/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs