Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g.
crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command: N/A
It produced this output: N/A
My web server is (include version): Apache 2.4.38
The operating system my web server runs on is (include version): Rasbian 5.10.63-v7l+
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): certbot 0.31.0
I got an email from
email@example.com saying that my certificate will expire in 11 days and yet, I have the following line in /etc/cron.d/certbot
0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
Shouldn't that take of the renewing? Am I missing something for the certificate to auto renew?
Which cert did the email warn you about? Was it the one with
If you are not using that anymore you can ignore the friendly reminder email.
If you could describe what about the email was confusing it might help the Let's Encrypt people write clearer language.
Thanks for the quick reply. Got this one Thursday for
Then these two were added to it yesterday
This is the email I got, why haven't they renewed before that email was sent?
Your certificate (or certificates) for the names listed below will expire in 11 days (on 02 Feb 22 03:42 +0000). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.
We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See
Integration Guide - Let's Encrypt for details.
https://crt.sh/?Identity=sylvain-maison.duckdns.org&deduplicate=Y for an overview of the certificates for your DuckDNS domain.
Also check the command
sudo certbot certificates to see which certificates are currently known in Certbot. You can cross-reference those certificates and their hostnames with the list of hostnames you previously issued certificates for from the link above.
Damn, I did have trouble at first. Didn't realized it created that many certificates lol
This is what I have as of now
Found the following certs:
Certificate Name: camera.sylvain-maison.duckdns.org
Expiry Date: 2022-04-04 10:13:08+00:00 (VALID: 66 days)
Certificate Path: /etc/letsencrypt/live/camera.sylvain-maison.duckdns.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/camera.sylvain-maison.duckdns.org/privkey.pem
Certificate Name: grafana.sylvain-maison.duckdns.org
Expiry Date: 2022-04-03 08:37:57+00:00 (VALID: 65 days)
Certificate Path: /etc/letsencrypt/live/grafana.sylvain-maison.duckdns.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/grafana.sylvain-maison.duckdns.org/privkey.pem
Certificate Name: ha.sylvain-maison.duckdns.org
Expiry Date: 2022-04-11 02:59:39+00:00 (VALID: 73 days)
Certificate Path: /etc/letsencrypt/live/ha.sylvain-maison.duckdns.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/ha.sylvain-maison.duckdns.org/privkey.pem
Certificate Name: teslamate.sylvain-maison.duckdns.org
Domains: teslamate.sylvain-maison.duckdns.org grafana.sylvain-maison.duckdns.org
Expiry Date: 2022-04-03 08:38:10+00:00 (VALID: 65 days)
Certificate Path: /etc/letsencrypt/live/teslamate.sylvain-maison.duckdns.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/teslamate.sylvain-maison.duckdns.org/privkey.pem
Certificate Name: weewx.sylvain-maison.duckdns.org
Expiry Date: 2022-04-04 10:13:22+00:00 (VALID: 66 days)
Certificate Path: /etc/letsencrypt/live/weewx.sylvain-maison.duckdns.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/weewx.sylvain-maison.duckdns.org/privkey.pem
So I can ignore those old certificates I'm not using, right?
Welcome to the Let's Encrypt Community
Yep. If the unneeded certificates' private keys haven't been compromised, just delete the unneeded certificates and their private keys.
Use this to find an unneeded certificate's Certificate_Name:
sudo certbot certificates
Use this command to safely delete an unneeded certificate and its private key:
sudo certbot delete --cert-name Certificate_Name
That will prevent the unnecessary renewal of any unneeded certificates.
I don't think the 'unneeded' are anywhere to be found. The only one I have are the one I posted above and they are the same ones I have in my /etc/letsencrypt/live directory
I think that refers to existing certs that are no longer in use (anywhere).
Ignoring them isn't really the best choice.
If any of the five certs shown are no longer in use, then you can delete them using the command provided by @griffin
Those displayed by
certbot certificates are used. It's those that showed up when I ran
that I'm talking about. Lots more than what '
certbot certificates' are showing.
You can definitely
ignore anything that isn't listed by
[they no longer exist in your system]
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.