I purchased a domain on 2023-07-07 on Gandi. On 2023-09-15 I received a first expiration email, then a second one on 2023-09-28 (6 days ago) warning me the certificates will expire:
Hello,
Your certificate (or certificates) for the names listed below will expire in 19 days (on 2023-10-05). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.
I have two domains, ????.com and www.????.com, and received emails for both domains.
My renewal is setup as a cron job which just runs the following command.
certbot renew --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi.ini --server https://acme-v02.api.letsencrypt.org/directory --cert-name www.****.com
where gandi.ini holds my dns_gandi_api_key value.
I am surprised I received emails, anyway I decided to run the command manually today.
It produced this output:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.????.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
/etc/letsencrypt/live/www.????.com/fullchain.pem expires on 2024-01-02 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
My web server is (include version): Apache 2.4
The operating system my web server runs on is (include version): Linux Debian
My hosting provider, if applicable, is: Gandi
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): on Gandi, I can manage my domain through a control panel. Otherwise I have admin access to the Apache web server and host.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.32.0. I set it up myself via a Python venv installed with:
python3 -m pip install acme==1.32.0 certbot==1.32.0 certbot-apache==1.32.0 certbot-plugin-gandi
Using Python 3.9.2.
The venv in which certbot is is activated through 'source activate' before running the cerbot renew command (I am familiar with Python development).
When going to crt.sh, the most recent entry related to my domain is dated 2023-07-08, and mentions something with ZeroSSL. Two previous entries relate to Let's encrypt.
As a possible explanation for the email, I might have created a certificate twice on 2023-07-07 (I unfortunately don't remember very well). I mean, instead of creating a single certificate then renewing it, I might have created one, then another one. In this case, I presume the first (dumped) certificate has never been renewed and may therefore trigger the emails I am receiving?
Or is there something perhaps more worrying?
Thanks for your help.
