Does it or does it not need renewing?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I received a letter saying this:

Hello,

Your certificate (or certificates) for the names listed below will expire in 10 days (on 22 Dec 19 21:21 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

We recommend renewing certificates automatically when they have a third of their
total lifetime left. For Let’s Encrypt’s current 90-day certificates, that means
renewing 30 days before expiration. See
https://letsencrypt.org/docs/integration-guide/ for details.

phrancko.com


My domain is:
phrancko.com

However I ran this command:
sudo certbot renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.phrancko.com.conf


Cert not yet due for renewal


The following certs are not due for renewal yet:

/etc/letsencrypt/live/www.phrancko.com/fullchain.pem expires on 2020-02-21 (skipped)

No renewals were attempted.


So then I ran this:

(myenv) [ec2-user@ip-10-0-0-230 phrancko-project]$ sudo certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: www.phrancko.com
Domains: www.phrancko.com phrancko.com
Expiry Date: 2020-02-21 05:46:11+00:00 (VALID: 70 days)
Certificate Path: /etc/letsencrypt/live/www.phrancko.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.phrancko.com/privkey.pem


Certificate Name: www.phrancko.com
Domains: www.phrancko.com phrancko.com
Expiry Date: 2020-02-21 05:46:11+00:00 (VALID: 70 days)
Certificate Path: /etc/letsencrypt/live/www.phrancko.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.phrancko.com/privkey.pem


My web server is (include version):
Apache

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.26.1

I thought the fact that phrancko.com is including with the www.phrancko.com means they both get renewed at the same time. Since the certificate www.phrancko.com does not need to be renewed, is there something else I must do for phrancko.com?

Frank Jernigan

1 Like

If your certificate is already renewed, we won’t send an expiry notice. We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it. If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate. If you check the certificate currently running on your website, and it shows the correct date, no further action is needed.

You issued a different certificate that only contains the name phrancko.com in September.

https://phrancko.com/ is currently using your new certificate that includes both names. As long as you’re not using the September certificate for anything else, you can ignore the emails about it. :slightly_smiling_face:

2 Likes

Thanks for the explanation. I guess it resulted from some confusion and difficulty I had about my certificate in September. I don’t remember the details now.

What I think you are saying is, as long as the certificate I showed in my initial message in this thread is good, then the email is irrelevant and my site is okay for both names. If I didn’t get the right, please let me know.

I really appreciate the responsiveness to my inquiries here. You guys rock!

Frank

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.