Summary

In January 2026, Let's Encrypt introduced a new short-lived 6-day certificate profile (shortlived). Kerio Connect's built-in Let's Encrypt integration, available since version 9.4, was designed for the standard 90-day certificate lifecycle and does not currently support this new profile.

The built-in ACME client in Kerio Connect is not user-configurable — there is no setting, file, or script within the installation that can be modified to switch to the 6-day profile.

Current Options

• Continue using standard Let's Encrypt certificates: The existing built-in integration (WebAdmin > Configuration > SSL Certificates > New > New Let's Encrypt Certificate) continues to work normally with 90-day certificates. See Setting up the Let's Encrypt SSL certificate in Kerio Connect 9.4.
• Use an external ACME client (unsupported workaround): If 6-day certificates are a hard requirement, you may use an external ACME client (such as Certbot) to obtain a short-lived certificate independently, then import it into Kerio Connect via WebAdmin > Configuration > SSL Certificates > Import Signed Certificate. Note that externally obtained certificates will not be auto-renewed by Kerio Connect — you would need to manage renewal and re-import every 6 days yourself. This approach is unsupported.
• Feature request: This has been logged as a product enhancement request with our product management team. Monitor Kerio Connect release notes for future updates.