Email about Certificate expiry,

szinser · February 17, 2019, 8:07pm

I am using certbot for LE renewal and with the command
“certbot certificates” I get told that the certificate on my domain runs until end April.
However I have got an e-mail from LetsEncrypt Expiry Bot,
subject: Let’s Encrypt certificate expiration notice for domain “…”
(2 days ago)
So whom do I believe (email or certbot) and how do i fix this ?
Any help welcome - I am complete newbie with this.
Thanks

JuergenAuer · February 17, 2019, 8:18pm

Hi @szinser

you may have created certificates with different sets of domain names. So you use one certificate with two domain names, but a certificate with one domain name expires.

Please read

If your certificate is already renewed, we won’t send an expiry notice. We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it. If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate. If you check the certificate currently running on your website, and it shows the correct date, no further action is needed.

jmorahan · February 17, 2019, 8:20pm

That page used to be linked in the reminder email itself, but no longer, it seems.

rg305 · February 18, 2019, 4:36am

Perhaps that (in some cases), relying on “regardless of which account created it” could cause a false positive and thus would exclude some from those whom still actually needed an email notification, prompted the link exclusion…

[but I am far from the “field of play”, so this is just one bystanders’ view]
[as seen from off into the sidelines… (and way way up into the stands)]

szinser · February 18, 2019, 6:23am

hmm. I did have the bot set up a certificate for my “example.com” and corrected later for my “www.example.com” so it was twice interaction - or maybe three or four times - until I had it running. For in the certificate both are listed as valid until late April, then I probably can ignore the email? And the email is a remnant from the first set-up?
Just the command (certbot certificate) does not give me any other certificate but the one set.
And I never used another account…
thanks already

JuergenAuer · February 18, 2019, 8:12am

Maybe. Without your domain name it's impossible to check that.

With your domain name we can check if your website is secure (or use https://check-your-website.server-daten.de/ ) and which certificates you have created. With one of the CT log search engines.

https://transparencyreport.google.com/https/certificates

system · March 20, 2019, 8:12am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Keep getting certificate expiration notice emails even though certificate already renewed Issuance Tech	4	2348	January 7, 2017
Expiry notice when domains certs aren’t expiring Help	2	627	November 18, 2018
Let's Encrypt Expiry Bot mails missing information Help	3	674	April 25, 2021
Lets Encrypt mail for renew but certbot certificates says renewed Help	11	1526	December 9, 2018
Certificates valid but still getting mail with certificate expiration? Help	8	1958	November 24, 2021

Email about Certificate expiry,

Related Topics