We’ve noticed that when we use certbot to update the domains of a certificate (e.g. using the --expand flag), Let’s Encrypt will still send expiration emails for the old certificate. This matches what is said in the docs:
If your certificate is already renewed, we won’t send an expiry notice. We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it. If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate.
Is there any way to prevent the expiration email for the old certificate from being sent?
Kinda. If you revoke every unexpired certificate for the unexpanded version, you shouldn’t get any messages about it. But this is super hacky and probably a bit impolite to Let’s Encrypt’s server resources.
You do not have to provide an email address when registering an ACME account. With Certbot, this is with --register-unsafely-without-email. With other ACME clients, it will vary.
And of course, you can hit the unsubscribe link in any of those emails, to completely unsubscribe your email address from any emails from the expiry bot.
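An added example, not part of the thread and not Let’s Encrypt’s code: a small model of the renewal rule quoted in the question, showing which certificates in a constructed inventory remain candidates for expiry notices after an --expand. Reading "newer" as a later notBefore, lowercasing names, and skipping revoked certificates (per the reply above) are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Cert:
    serial: str            # constructed label, not a real serial number
    names: frozenset       # DNS names on the certificate, lowercased
    not_before: datetime
    not_after: datetime


def make_cert(serial, names, issued, lifetime_days=90):
    """Build a constructed certificate record with a 90-day lifetime."""
    names = frozenset(n.lower() for n in names)
    return Cert(serial, names, issued, issued + timedelta(days=lifetime_days))


def is_renewed(cert, inventory):
    """Quoted rule: a newer certificate with the exact same set of names exists."""
    return any(o.names == cert.names and o.not_before > cert.not_before
               for o in inventory)


def notice_candidates(inventory, now, revoked=frozenset()):
    """Serials of unexpired, unrevoked certs that have no exact-name successor."""
    return sorted(c.serial for c in inventory
                  if c.not_after > now
                  and c.serial not in revoked
                  and not is_renewed(c, inventory))


# Constructed inventory: two issuances for one name, then an expanded certificate.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
INVENTORY = [
    make_cert("old-1", ["example.com"], T0),
    make_cert("old-2", ["EXAMPLE.com"], T0 + timedelta(days=60)),   # renews old-1
    make_cert("new-1", ["example.com", "www.example.com"],
              T0 + timedelta(days=70)),                             # after --expand
]
NOW = T0 + timedelta(days=75)

if __name__ == "__main__":
    # old-1 counts as renewed by old-2; old-2 has no exact-name successor.
    print(notice_candidates(INVENTORY, NOW))
    print(notice_candidates(INVENTORY, NOW, revoked={"old-2"}))
```

new-1 appears in both results because it is the current certificate and has not yet been renewed itself; old-2 is the one the question is about.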