Set CRL lifespan and update periode to more appropriate values

gui/apply-boulder

@@ -64,8 +64,9 @@ if [ "$PKI_DOMAIN_MODE" == "lockdown" ] || [ "$PKI_DOMAIN_MODE" == "whitelist" ]
     cat rate-limit-policies.yml | tr '\n' '\r' | sed -e "s|\(certificatesPerFQDNSet:.*must-staple.le.wtf: 10000\).*\(certificatesPerFQDNSetFast:.*\)|\1\n${REPLACEMENT}rateLimitsURL: http://$PKI_FQDN/rate-limits\n\2|" | tr '\r' '\n' > rate-limit-policies.yml.bak && mv rate-limit-policies.yml.bak rate-limit-policies.yml
 fi
 
-perl -i -p0e "s/(\"maxNames\": [^\n]*).*?(\s+)(\"lifespanOCSP\":)/\1\2\"lifespanCRL\": \"2h\",\2\3/igs" config/ca-a.json
-perl -i -p0e "s/(\"maxNames\": [^\n]*).*?(\s+)(\"lifespanOCSP\":)/\1\2\"lifespanCRL\": \"2h\",\2\3/igs" config/ca-b.json
+perl -i -p0e "s/(\"maxNames\": [^\n]*).*?(\s+)(\"lifespanOCSP\":)/\1\2\"lifespanCRL\": \"96h\",\2\3/igs" config/ca-a.json
+perl -i -p0e "s/(\"maxNames\": [^\n]*).*?(\s+)(\"lifespanOCSP\":)/\1\2\"lifespanCRL\": \"96h\",\2\3/igs" config/ca-b.json
+sed -i -e "s/\"ocspMinTimeToExpiry\": \".*\"/\"ocspMinTimeToExpiry\": \"48h\"/" config/ocsp-updater.json
 
 sed -i -e "s|\"issuerURL\": \".*\"|\"issuerURL\": \"http://$PKI_FQDN/aia/issuer/$PKI_ISSUER_NAME_ID\"|" config/ca-a.json
 sed -i -e "s|\"issuerURL\": \".*\"|\"issuerURL\": \"http://$PKI_FQDN/aia/issuer/$PKI_ISSUER_NAME_ID\"|" config/ca-b.json

patches/config_crl-updater.patch

@@ -22,8 +22,8 @@ index 875fc7ab..9c0ea6ed 100644
 -    "updatePeriod": "6h",
 -    "updateOffset": "9120s",
 -    "maxParallelism": 10
-+    "updatePeriod": "1h",
-+    "updateOffset": "120s",
++    "updatePeriod": "24h",
++    "updateOffset": "62m",
 +    "maxParallelism": 1
    },