Cert not due for renewal but receive expiration notice email

My domain is: a2p.ameex-mobile.com

I ran this command: /usr/bin/certbot-auto renew

It produced this output:
Cert not yet due for renewal


The following certs are not due for renewal yet:
/etc/letsencrypt/live/a2p.ameex-mobile.com/fullchain.pem expires on 2020-06-14 (skipped)
No renewals were attempted.

My web server is (include version): apache 2.4.10

The operating system my web server runs on is (include version): debian 8.7

I can login to a root shell on my machine (yes or no, or I don’t know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.3.0

1 Like

Because there are multiple certificates that currently cover the FQDN: a2p.ameex-mobile.com
See:https://crt.sh/?q=a2p.ameex-mobile.com

https://crt.sh/?id=2346908783 shows:
X509v3 Subject Alternative Name:
DNS:a2p.ameex-mobile.com
DNS:kibana.ameex-mobile.com
and will expire: 2020-04-17

https://crt.sh/?id=2292847173 shows:
X509v3 Subject Alternative Name:
DNS:a2p.ameex-mobile.com <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
and will expire: 2020-04-05

A cert was issued on 2020-03-03 for:
X509v3 Subject Alternative Name:
DNS:a2p.ameex-mobile.com
DNS:kibana.ameex-mobile.com
(https://crt.sh/?id=2531467257)

A cert was issued on 2020-03-16 for:
X509v3 Subject Alternative Name:
DNS:a2p.ameex-mobile.com
DNS:kibana.ameex-mobile.com
(https://crt.sh/?id=2584028000)

So you see, there has been no renewal of the cert with the single name on it.
Now, you may not even be using that any more; but there is no way for anyone to tell from out here.
The email itself should be clear enough to understand that it is just in case you have overlooked it.

1 Like