Conflicting Expiry Notices


#1

I’ve uploaded two screenshots (concatenated)- one is the line from the e-mail warning about expiry- the other is the output from the certbot command showing the e-mail is wrong, I guess. Just wondering why I get these incorrect e-mails.


#2

Hi @ayjay_t

You have three active certificates.

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:sodbusting.com&lu=cert_search

The certificate which ends 2018-08-28:

https://transparencyreport.google.com/https/certificates/H7z0SNceGhwRQGxkR2lFiWHv6kF5ZnawsbsTLeaiYXw%3D

There is only one name - sodbusting.com

But your other certificate has two names - sodbusting.com and www.sodbusting.com

So the mail is sent becaus the certificate with the one-element name-set isn’t renewed.


#3

Hey @JuergenAuer, thanks for the help

Using Google to search for the certificates is a good idea!

I was under the impression that it was certbot sending me e-mails from my server (maybe using letsencrypt as a relay), but I can see now that it must be another mechanism. I’m guessing we don’t have any control over this or any way to manage this centrally?


#4

The mail comes from Letsencrypt. Every certificate has a set of names. If there is no new certificate with exact the same set of names and if the certificate is only 20 days valide -> the mail is created.

So if someone doesn’t change the name set and renews after 60 days -> no mail.


#5

Thanks, I appreciate the insights.


#6

You can unsubscribe from all expiry notices but unfortunately you cannot stop notifications from a particular certificate at this time.


#7

And you’ll get like two more notices for this certificate and then they will stop. It won’t haunt you forever.


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.