Cert Renewal Confusion

Hi folks,
I'm a noob at cert renewal, so apologies up front.

My domain is: aerv.us
I'm running the site on GCP Linux and have all required ssh console access. $ certbot --version => 1.16.0

My Problem: Cert Renewal went well, but now things look different. Perhaps a merge is needed? I'm not sure what the problem is here:

  1. It looks like I have 2 accounts? From /etc/letsencrypt/accounts:
    a) "https://acme-staging-v02.api.letsencrypt.org/acme/acct/16761901" and
    b) "https://acme-v02.api.letsencrypt.org/acme/acct/103237838"

  2. I had 2 separate configs under /etc/letsencrypt/renewal and removed one of the configs because I was receiving an error message during renewal. After the clean-up, cert renewed normally. However, I just received an email stating: "Your certificate for *.aerv.us will expire in 10 days (on 28 Jun 21 13:55 +0000)"

  3. crt.sh shows all normal, but Google Transparency does show an expiring Cert on 6/28.

Hence my title Renewal Confusion. Thanks for your input on how to fix or just ignore this.

1 Like

One is for the staging environment and the other is for the production environment.

Please read the expiry e-mail documentation linked in the expiry e-mail itself. It explains why you can get such an e-mail while your certificate doesn't seem to need reneway (yet).

Here you can clearly see one of your certificates expiring on June 28.

Please see page 2. Google doesn't seem to understand logical sorting of the results.


Hi, Thanks for the answer.

Here you can clearly see one of your certificates expiring on June 28.

Yes, I see it after you having pointed it out.
And expiring Cert is on Page 2 of Google Transparency - neglected to mention.

So is there anything to fix here, or what? I mean it looks fine to me, as long as the Cert covers "*.aerv.us". If you could confirm, I'll close this out.

Thanks and Regards.


Does it need fixing? Please look closely to the crt.sh output (especially the hostnames contained in the certificates listed) and compare it to your current certificate. It also seems you didn't follow up on my first tip to read the expiry e-mail documentation.

1 Like

Welcome to the Let's Encrypt Community :slightly_smiling_face:

This might help clarify:


Thank you for the help.

It was the cleanup as mentioned in (2) of first post that got me questioning in the first place.

Nothing to see here, moving along.

No thread close feature on forum - interesting.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.