Email certificate renew mistake?

I’m the owner of the www.christianheritagelondon.org domain. My email address is gilbertjvirgo@gmail.com.

I’ve just received an email from expiry@letsencrypt.org saying that my certificate is set to run out in 9 days, however when I check the certificate expiry date for the site in my browser, it doesn’t seem to be set to expire until January 2020.

Which is wrong?

1 Like

Hi @gilbertv

there is a link.

Please read

When You Get an Expiration Email

If your certificate is already renewed, we won’t send an expiry notice. We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it. If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate. If you check the certificate currently running on your website, and it shows the correct date, no further action is needed.

2 Likes

Is that the only choice…“one must be wrong”?
How about “neither” is wrong?
They could very well be talking about two (very similar but) different certs.
If you review the entries at: https://crt.sh/?q=www.christianheritagelondon.org
You will see that there was a cert issued on 2019-08-09 that will expire on 2019-11-07


Checking at: https://crt.sh/?q=christianheritagelondon.org
You will see that there was a cert issued on 2019-10-03 that will expire on 2020-01-01 (Happy New Year!)

If you dig a little further you should be able to confirm that the second cert is being used as a replacement for the first one. But they are both now valid and one will expire soon; and yet they don’t seem to be “exactly the same” - which is why the expiry bot contacted you (via email).
There is no clear and obvious way to know if the first cert is no longer being used anywhere.