With ACM enabled, certs expire every 90 days, and 30 days before it ends, the new cert is issued. We will serve root certs to the shlugs, but even those run on a shorter timeframe. So, we should automatically serve new certs when they become available.
We can get our own certs using openssl s_client -showcerts -connect yourdomain.com:443, and then send them to devices.
With ACM enabled, certs expire every 90 days, and 30 days before it ends, the new cert is issued. We will serve root certs to the shlugs, but even those run on a shorter timeframe. So, we should automatically serve new certs when they become available.
We can get our own certs using
openssl s_client -showcerts -connect yourdomain.com:443, and then send them to devices.