Email about Certificate expiry,


#1

I am using certbot for LE renewal and with the command
“certbot certificates” I get told that the certificate on my domain runs until end April.
However I have got an e-mail from LetsEncrypt Expiry Bot,
subject: Let’s Encrypt certificate expiration notice for domain “…”
(2 days ago)
So whom do I believe (email or certbot) and how do i fix this ?
Any help welcome - I am complete newbie with this.
Thanks :slight_smile:


#2

Hi @szinser

you may have created certificates with different sets of domain names. So you use one certificate with two domain names, but a certificate with one domain name expires.

Please read

If your certificate is already renewed, we won’t send an expiry notice. We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it. If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate. If you check the certificate currently running on your website, and it shows the correct date, no further action is needed.


#3

That page used to be linked in the reminder email itself, but no longer, it seems.


#4

Perhaps that (in some cases), relying on “regardless of which account created it” could cause a false positive and thus would exclude some from those whom still actually needed an email notification, prompted the link exclusion…

[but I am far from the “field of play”, so this is just one bystanders’ view]
[as seen from off into the sidelines… (and way way up into the stands)]


#5

hmm. I did have the bot set up a certificate for my “example.com” and corrected later for my “www.example.com” so it was twice interaction - or maybe three or four times - until I had it running. For in the certificate both are listed as valid until late April, then I probably can ignore the email? And the email is a remnant from the first set-up?
Just the command (certbot certificate) does not give me any other certificate but the one set.
And I never used another account…
thanks already :slight_smile:


#6

Maybe. Without your domain name it’s impossible to check that.

With your domain name we can check if your website is secure (or use https://check-your-website.server-daten.de/ ) and which certificates you have created. With one of the CT log search engines.

https://transparencyreport.google.com/https/certificates

https://crt.sh/


closed #7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.