Email notifications that certificate will expire, but command line says i'm fine


#1

Hey guys, I keep getting emails that my domain’s certificates will expire in about a week, but when I run the letsencrypt command everything seems fine and it says domain still has more than two months to go… what’s wrong? do i have to worry about the certificates expiring or not?

Email:
Your certificate (or certificates) for the names listed below will expire in 8 days (on 9 Jan 19 19:15 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.
[…]
subdomain.domain1.com
subdomain2.domain2.com

I ran this command:
/usr/local/bin/php /home/username/letsencrypt/bin/letsencrypt -n

It produced this output:
Processing certificate subdomain.domain1.com (subdomain.domain1.com)…
Certificate is valid until 17.03.2019
Certificate still valid for domains: subdomain.domain1.com.
Certificate previously installed for domains: subdomain.domain1.com.
Processing certificate subdomain2.domain2.com (subdomain2.domain2.com)…
Certificate is valid until 17.03.2019
Certificate still valid for domains: subdomain2.domain2.com.
Certificate previously installed for domains: subdomain2.domain2.com.
No certificates were issued and/or installed.

My web server is (include version): cpanel shared server running letsencryptPHP
https://github.com/imbrish/letsencrypt using ACME client

The operating system my web server runs on is (include version): linux

My hosting provider, if applicable, is: namecheap

I can login to a root shell on my machine (yes or no, or I don’t know): no, but i have an ssh account with limited priviledges

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes, cpanel 11


#2

What’s your domain?

You’re probably getting emails about certificates that you no longer use, either because you deleted them, or because you replaced them with new certificates with different combinations of subdomains. If you’ve made sure that’s the case, you should just ignore the emails. (They’ll stop after the certificates expire.)


#3

i rather not post the domain names on a public forum for fear of looking stupid when someone googles it, but anyway thanks, i found an online tool to check certificates and all seems to be okay, it doesn’t report any second certificate that is about to expire though for these subdomains so really weird i am getting these emails…


#4

Hi @Kaas

this isn’t weird. Letsencrypt doesn’t know which certificate you use, which certificate is a backup etc.

Someone creates a certificate with domain name 1 + 2, uses this. Then he needs a third domain to test, so a certificate with three names is required. Two weeks later, the test is stopped, the customer is gone … the first certificate is good.