Cert needs renewal (email) but doesn't (not due)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
robinsch.wtf
I ran this command:
sudo cerbot renew
It produced this output:
Cert not yet due for renewal
My web server is (include version):
apache2 2.4.41
The operating system my web server runs on is (include version):
debian 10
My hosting provider, if applicable, is:
digitalocean
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.40.0

Hi @RobinSchapendonk

the mail has a link to the documentation. There is the complete answer.

1 Like

I still don’t get it, why it says its not due for renewal, but it emails

What emails? Read the mail complete. Your informations are incomplete. There - https://check-your-website.server-daten.de/?q=robinsch.wtf#ct-logs - you see your reason:

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2020-06-03 2020-09-01 robinsch.wtf - 1 entries
Let’s Encrypt Authority X3 2020-06-03 2020-09-01 robinsch.wtf - 1 entries
Let’s Encrypt Authority X3 2020-06-03 2020-09-01 robinsch.wtf - 1 entries
Let’s Encrypt Authority X3 2020-06-03 2020-09-01 earl.robinsch.wtf, robinsch.wtf - 2 entries
Let’s Encrypt Authority X3 2020-05-06 2020-08-04 robinsch.wtf, shortrsg.cf, www.robinsch.wtf - 3 entries
Let’s Encrypt Authority X3 2020-05-05 2020-08-03 robinsch.wtf, www.robinsch.wtf - 2 entries
Let’s Encrypt Authority X3 2020-05-05 2020-08-03 robinsch.wtf, www.robinsch.wtf - 2 entries

You use the first, but the mail tells you something about the older certificate with two domain names. That’s exact described in the documentation:

If your certificate is already renewed, we won’t send an expiry notice. We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it. If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate. If you check the certificate currently running on your website, and it shows the correct date, no further action is needed.

1 Like

oh that quote I’ve never seen anywhere tho. But k thanks

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.