Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I checked the certs for both domains you showed and both have a long time remaining before expiry. They would not normally be auto-renewed unless you have set up your renewal to be unusually early (not recommended). And, neither is close enough to expiry to have received a warning email.
Can you explain more about the problem?
Specifically, I used the SSL Checker tool in links I include
cert for govast.com has 55 days before expiry (link here)
Hi. Thanks for the quick reply. I had to manually renew the domain. Also, myultrasoundtutor.com had to be manually renewed this morning. It had expired and we didn't know until a customer visited the site.
Which one? Because neither domain in your first post is using a cert that was issued recently.
What method do you use to get/renew certs? cPanel?
Looking at crt.sh history (link here) for myultrasoundtutor it looks like your renewal in Oct was not on schedule either. What changed between the Jul cert and Oct one?
You should ask fastcomet about these failures. Something in your cPanel setup has gone wrong. Another volunteer with more experience in cPanel might give you suggestions on just what to ask them about. There is nothing more I can offer given the info you have provided.
Hi Mike, I asked our host about the issue and this is their reply:
Unfortunately, the automatic renewal of the Let's Encrypt SSL certificates is not handled directly by us, and is instead handled by said third-party service. Unfortunately, we do not have any means of communicating with this third-party service, nor can we guarantee that the SSL certificates will renew properly. We do not have access to their logs either, to find out why the failures are occurring. I can see how this explanation is not the most satisfactory one, but I hope for your understanding on this matter.
If this issue was something we had direct control over, or any means of remedying, we would have done something about it already. This is not something we want our customers to experience at all.
Also, what is happening right now may be a temporary occurrence. Our other suggestion here would be to renew all the Let's Encrypt certificates you use, so that all of their renewals come at the same time in three months. You should not experience any issues then, and even if you do I see that you do not have many domains which use Let's Encrypt, so manual renewal would be the best way to ensure the domains are secured and renew them manually in order to skip any interruptions with your websites.
Their explanation with regard to not having access to the Let's Encrypt (LE) log files is inadequate: with ACME there's always a server (LE) and a client, in this case something that's running at your hosting provider's server. This ACME client also generates a log file and that log file is the first and most important item to check to see where things are going awry.
Another thing not correct is the notion that "automatic renewal" is handled by the "third-party service" (LE): this is factually incorrect (from my point of view with a certain interpretation of the word "handled"): the ACME client initiates a renewal from the ACME server. LE will let any certificate expire if it's not renewed at the request of the ACME client. In fact, a renewal is nothing more than a brand new certificate with just the same set of hostnames as a previously issued certificate. In any case, renewal is NOT initiated by the "third-party service" and is, in fact, handled by your hosting provider's ACME client.
It sounds like you've had contact with someone from your hosting provider who lacks proficient knowledge of the ACME process and has therefore helped you inadequately, IMO. If I were you, I would not be as understanding with their explanation as requested by your hosting provider. They should be more helpful.
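Because renewal depends entirely on the hosting provider's ACME client, a site owner can catch a silent renewal failure with an independent expiry check run on a schedule. The following is an added example, not part of any post in this thread; the function names and the 30-day and 14-day thresholds are assumptions.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# Assumed thresholds (not from the thread): with 90-day certificates an ACME
# client normally renews at about 30 days left, so fewer days than that means
# the client-side renewal has not happened and needs attention.
RENEW_BELOW_DAYS = 30
ALERT_BELOW_DAYS = 14

def days_remaining(peercert, now):
    """Whole days until notAfter, given a dict as returned by getpeercert()."""
    expiry = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(peercert["notAfter"]), tz=timezone.utc)
    return (expiry - now).days  # negative once the certificate has expired

def classify(days):
    if days < 0:
        return "EXPIRED"
    if days < ALERT_BELOW_DAYS:
        return "ALERT"
    if days < RENEW_BELOW_DAYS:
        return "RENEWAL_OVERDUE"
    return "OK"

def check_host(host, port=443, timeout=10):
    """Connect, validate the chain, and return (status, days_or_None)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                days = days_remaining(tls.getpeercert(),
                                      datetime.now(timezone.utc))
                return classify(days), days
    except ssl.SSLCertVerificationError as exc:
        # An expired certificate fails the handshake; OpenSSL verify code 10
        # is X509_V_ERR_CERT_HAS_EXPIRED.
        return ("EXPIRED" if exc.verify_code == 10 else "INVALID"), None
    except OSError:
        return "UNREACHABLE", None

if __name__ == "__main__":
    results = [(h, *check_host(h)) for h in sys.argv[1:]]
    for host, status, days in results:
        print(f"{host}: {status} ({days} days left)")
    sys.exit(0 if all(s == "OK" for _, s, _ in results) else 1)
```

Run from cron with the hostnames as arguments; the non-zero exit code on anything other than OK lets the scheduler or a monitoring wrapper raise the alert.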