Cryptic/Erroneous Expiration Notice (Email)

PearlDomains.com

2024-06-06: Received erroneous, cryptic, and somewhat disturbing LetsEncrypt email notice 10 days after the domain autorenewed, stating that the domain "will expire in 18 days (on 2024-06-24)". However, the actual expiration date is 2024-08-24, nowhere near expiration. The notification was "distrubing", because I was certain all was in order. After deep diving on my server for renewal evidence, I decided to ignore the email. I'll probably just cancel such notifications. * NOTE: LetsEncrypt logs entries need to include domain and the "certbot certificates" command should include a "Last Updated" field in order to make finding the update status easy and "crystal"!.

Certbot 2.11.0

There was a certificate issued for pearldomains.com that expires on June 26:

The notification is true and valid, even if that cert is no longer in use by your site. The domains your site is serving has a different SAN set. (www and non-www variants).

6 Likes

Well, that's just 90 days before the expiry date in case of Let's Encrypt, but perhaps it could be usefull for other CAs. I think e.g. BuyPass issues certs valid for 180 days. Certbot is developed by the EFF, not Let's Encrypt, so it's probably better to open an issue at Issues · certbot/certbot · GitHub if you want to make it a feature request.

Further more, from the hundreds of "expiry notification email is wrong" threads, I've never seen any erroneous expiry email from Let's Encrypt. I'm up to 99.9999999999999 % certain you've modified your certificate earlier and Let's Encrypt now simply follows the rules as set forth at Expiration Emails - Let's Encrypt.

2 Likes
4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.