etc/config.tcl: Fix the validity duration for certificates.

I misremembered that the durations are measured in hours, not days.
But actually 28 hours isn't enough, because hosts refresh their cache
of the certificate store at different times of night: we must have the
new certificates ready for the early risers, and the old ones must
still be valid until time that the late risers are done.

diff --git a/etc/config.tcl b/etc/config.tcl
index 47e61b6..84a7651 100644 (file)
--- a/etc/config.tcl
+++ b/etc/config.tcl
@@ -16,14 +16,14 @@ set P(tls-client) {
   extensions tls-client-extensions
   issue-time "*-*-* 03:00:00"
   start-skew 1
-  expire-interval 2
+  expire-interval 32
 }
 
 set P(tls-server) {
   extensions tls-server-extensions
   issue-time "*-*-* 03:00:00"
   start-skew 1
-  expire-interval 2
+  expire-interval 32
 }
 
 proc update-hook {} {