Email received saying certificate due to expire on 05 Jun 19 18:14 +0000

phillw · May 16, 2019, 8:19pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: faircam.net

I ran this command: it is a cron job, checked in /var/log/le-renew.log

It produced this output:
The following certs are not due for renewal yet:
/etc/letsencrypt/live/faircam.net/fullchain.pem expires on 2019-08-04 (skipped)
/etc/letsencrypt/live/www.faircam.net/fullchain.pem expires on 2019-08-05 (skipped)
No renewals were attempted.

My web server is (include version): nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04.6 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

JuergenAuer · May 16, 2019, 8:36pm

Hi @phillw

your certificate of your wesite has two domain names ( https://check-your-website.server-daten.de/?q=faircam.net ):

CN=faircam.net
	06.05.2019
	04.08.2019
expires in 80 days	faircam.net, www.faircam.net - 2 entries

But you have some active certificates with only one domain name:

CertSpotter-Id	Issuer	not before	not after	Domain names
898989853	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	2019-05-07 13:38:49	2019-08-05 13:38:49	www.faircam.net
1 entries
897685078	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	2019-05-06 20:29:18	2019-08-04 20:29:18	faircam.net, www.faircam.net
2 entries
799890197	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	2019-03-08 12:30:44	2019-06-06 12:30:44	www.faircam.net
1 entries
798690851	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	2019-03-07 19:30:54	2019-06-05 19:30:54	faircam.net, www.faircam.net
2 entries
798619869	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	2019-03-07 18:14:30	2019-06-05 18:14:30	faircam.net
1 entries

So Letsencrypt doesn't know which certificate you use. The certificate with the non-www version isn't renewed -> that's the mail.

Perhaps you should check your configuration to delete certificates with only one domain name.

phillw · May 17, 2019, 11:45am

Thanks for the answer, the server is ubuntu 16.04 running apache, where would I check for which certificates to remove and what would be the method (other than rm !!).
Thanks
Phill.

JuergenAuer · May 17, 2019, 12:49pm

Use the certbot commands:

certbot certificates

to see the certificates, then

certbot delete [certificatename]

system · June 16, 2019, 12:49pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.