Domain expiration e-mail, despite successful renewal


#1

Surprisingly Certbot managed to renew my wildcard domain *.johan.webide.se even though Certbot is not supposed to be able to do that !?

Both Chrome, Firefox and Curl seems to agree that it has been renewed.

I checked Certbot log files and it looks like the certificate was renewed successfully.

Also on https://crt.sh/?q=*.johan.webide.se it looks like it’s renewed.

But yet I got this e-mail:

Your certificate (or certificates) for the names listed below will expire in 19 days (on 27 Nov 18 11:27 +0000).

*.johan.webide.se

(The e-mail doesn’t seem to be from staging)

So can anyone confirm that both *.johan.webide.se and johan.webide.se has been renwed, or is it only johan.webide.se that has been renwed !?

Why did I get this e-mail ? And what will happen on 27 Nov :smiley:


#2

Hi @zeta

checking your domain:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:true;include_subdomains:true;domain:johan.webide.se&lu=cert_search

johan.webide.se Let’s Encrypt Authority X3 2 03.11.2018 01.02.2019 1 Details ansehen
johan.webide.se Let’s Encrypt Authority X3 2 04.09.2018 03.12.2018 1 Details ansehen
*.johan.webide.se Let’s Encrypt Authority X3 1 29.08.2018 27.11.2018 1 Details ansehen
johan.webide.se Let’s Encrypt Authority X3 2 03.11.2018 01.02.2019 4 Details ansehen

You are using a certificate with two names. But you had created one certificate with one domain name.

This ends 2018-011-27.

You don’t need that, so so didn’t renew it. But Letsencrypt can’t know you don’t use this -> so a mail is sent.

–> ignore the mail.


#3

Thank you @JuergenAuer I in fact did create one certificate, then shortly after realized I wanted both the wildcard and plain in one certificate. It does make sense now!


#4

Non-ancient versions of Certbot can automatically renew wildcard certificates if you have a DNS provider API or DNS update script configured. :slight_smile:


#5

@schoen I guess ancient here means a few months :wink:

Using “–preferred-challenges dns” and “–manual-auth-hook=…” and “–manual-cleanup-hook=” when registering - seems to have done the trick, using certbot 0.26.1.