Certificate Expiry Notification

johnCert · May 26, 2024, 12:59pm

I have received a notification that my certificates are going to expire.
However, when I run "certbot certificates" the results show that both certificates have renewed and will not expire until 08/24.
Should I be worried?

MikeMcQ · May 26, 2024, 1:02pm

Hard to say. If you provide the output of the certbot certificates command we can look at your cert history.

You probably created certs with various combinations of names and one of these is expiring. That's just a guess. You haven't given enough info to give advice.

johnCert · May 26, 2024, 1:40pm

thanks for the quick response, The certbot certificates output
Notice was for Server-0 and Server-1.
Server-0
Certificate Name: server-0.tele-metron.com
Serial Number: 46ede97fd0501173359351fb0e3da1e98ae
Key Type: ECDSA
Domains: server-0.tele-metron.com
Expiry Date: 2024-08-08 21:41:28+00:00 (VALID: 74 days)
Certificate Path: /etc/letsencrypt/live/server-0.tele-metron.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/server-0.tele-metron.com/privkey.pem
Certificate Name: tele-metron.com
Serial Number: 3ef0b273e40c744f8469ac5bdb579d77fad
Key Type: ECDSA
Domains: tele-metron.com
Expiry Date: 2024-08-19 21:34:42+00:00 (VALID: 85 days)
Certificate Path: /etc/letsencrypt/live/tele-metron.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/tele-metron.com/privkey.pem

Server-1
Certificate Name: server-1.tele-metron.com
Serial Number: 372ef8a07d17203b68e48ea7ea553699f3d
Key Type: ECDSA
Domains: server-1.tele-metron.com
Expiry Date: 2024-08-18 21:39:21+00:00 (VALID: 84 days)
Certificate Path: /etc/letsencrypt/live/server-1.tele-metron.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/server-1.tele-metron.com/privkey.pem
Certificate Name: tele-metron.com
Serial Number: 4fd3374c5f979290a8eb6aa83a986d61506
Key Type: ECDSA
Domains: tele-metron.com
Expiry Date: 2024-08-19 21:44:06+00:00 (VALID: 85 days)
Certificate Path: /etc/letsencrypt/live/tele-metron.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/tele-metron.com/privkey.pem

MikeMcQ · May 26, 2024, 2:16pm

You previously got a cert with both server-0 and server-1 in it. That cert is expiring and has not been replaced.

It looks like you have now split those into separate certs. If so then you may not need the cert with the combined names any more. Only you can know this.

Let's Encrypt is just warning that the cert is expiring. You will receive one more notice 7 days prior to expiry.

You can lookup your cert history using various tools. One common tool is https://crt.sh. Below is a link to the cert with the combined name
crt.sh | 12363308141

johnCert · May 26, 2024, 2:39pm

thanks again for your quick reply. Not being very experienced; I did go through many struggles as I implemented load balancing. I am sure now that I had both servers on a single certificate at one time. I really appreciate the help.

system · June 25, 2024, 2:39pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate Installed & Valid & Working. But certbot certificates shows the expired cert Help	12	1679	November 12, 2021
SSL certificate expire date Help	5	4497	November 6, 2019
Let's Encrypt/Certbot Disagreement - Expiration Warning Email Help	4	1226	October 7, 2017
Received email notification on certificate expiring although it is not Help	3	595	August 14, 2020
Got email notitifcations about upcoming expiration but certbot-auto states 'not yet due for renewal' Help	5	791	May 8, 2020

Certificate Expiry Notification

Related topics