We renew them 30 days early, but our edge caches may keep using the previous one until ~7 days before it expires. If you run fly certs show <hostname> you should see what the most up to date version we have is.
2 Likes