Domain expiration e-mail, despite successful renewal

Surprisingly Certbot managed to renew my wildcard domain *.johan.webide.se even though Certbot is not supposed to be able to do that !?

Both Chrome, Firefox and Curl seems to agree that it has been renewed.

I checked Certbot log files and it looks like the certificate was renewed successfully.

Also on https://crt.sh/?q=*.johan.webide.se it looks like it’s renewed.

But yet I got this e-mail:

Your certificate (or certificates) for the names listed below will expire in 19 days (on 27 Nov 18 11:27 +0000).

*.johan.webide.se

(The e-mail doesn’t seem to be from staging)

So can anyone confirm that both *.johan.webide.se and johan.webide.se has been renwed, or is it only johan.webide.se that has been renwed !?

Why did I get this e-mail ? And what will happen on 27 Nov

Hi @zeta

checking your domain:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:true;include_subdomains:true;domain:johan.webide.se&lu=cert_search

You are using a certificate with two names. But you had created one certificate with one domain name.

This ends 2018-011-27.

You don't need that, so so didn't renew it. But Letsencrypt can't know you don't use this -> so a mail is sent.

--> ignore the mail.

Thank you @JuergenAuer I in fact did create one certificate, then shortly after realized I wanted both the wildcard and plain in one certificate. It does make sense now!

Non-ancient versions of Certbot can automatically renew wildcard certificates if you have a DNS provider API or DNS update script configured.

@schoen I guess ancient here means a few months

Using “–preferred-challenges dns” and “–manual-auth-hook=…” and “–manual-cleanup-hook=” when registering - seems to have done the trick, using certbot 0.26.1.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.