Emails not receiving for all cert renewals

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: qomplxos.com

We provide an email while setting up our account and not receiving emails after the cert renewal with new date.

Any help here fellas

Thanks
Vikram

What kind of e-mails are you expecting? Let's Encrypt does not email you when you have succesfully renewed the certificate. Only when Let's Encrypt notices a certificate will expire when a renewal did not happen for that exact set of hostnames.

Ooh dear… Ok ok
What I am expecting is: Once the cert is renewed, I was looking for an email with updated/renewed date for the cert as all of our certs are set for auto-renewal.

If Lets Encrypt does not remind organizations with newly renewed cert expiry date, is there a mechanism to set alerts with the same?
Please do let me know.
Thanks

Those e-mails are not send by Let's Encrypt.

There might be third party services on the web, but I don't know any by the top of my head. All certs by Let's Encrypt are submitted to multiple certificate transparancy logs, so perhaps a third party service uses that where you could sign up your hostnames, so it'll e-mail you when any (not just Let's Encrypt) certificate with those hostnames are issued.

About the emails: I am confused here… the emails we are getting is from lets org.

About the alerts: Thanks, I will look into the third party services.

Thanks again…

This sounds like an opportunity of sorts…
Not sure of the demand though.

So you're saying you're getting e-mails from Let's Encrypt? (I'm assuming you meant "Let's Encrypt" when you said "lets org"..) If you're confused, perhaps you could post such an email here and we can take a look what we're exactly talking about.

Yes it is - in a way.
Most of our certs are set to auto-renewal, I guess its fine for us. However when management people needs list the certs and wants to know and that’s when we need proper alerting sort of “Dashboard” to keep the info transparent.

Yes, we are getting emails from “expiry@letsencrypt.org”. It updates us with only for certain certs not the full list. Hence this thread.

Those e-mails are a notice about the oncoming expiry of a certificate! Not a notice about a renewal! It’s just the opposite of that. It notices you Let’s Encrypt didn’t see a renewal with a certificate containing the exact same set of hostnames as the certificate which is about to expire. And that could lead to errors/warnings in browsers about expired certificates, leading to loss of visitors.

Please read this for more information:

Yeah Osiris, probably my wordings was off.
So about the alerting portion, I guess I will reach out to the third party CT logs provider and see if they can alert us with the cert expiry dates.

Thanks

Of course you could perhaps script this easily by yourself if your ACME client setup isn't too complex. Because in the end, you as the end user, receive the certificate from Let's Encrypt so you could extract the expiry date yourself.

Ghe, didn't know this, but even Facebook offers a CT log monitoring service:

There are probably plenty more where that came from, I just searched on "ct log monitoring".

Depending upon your setup (e.g. if you have a hosting panel that offers such), you can sometimes have the panel send you such notifications. I get upcoming expiration notifications from cPanel along with the ones from Let’s Encrypt. I don’t recall there being functionality there for renewal notifications though. Might be an interesting feature request as a “notification is better than silence” approach to confirming successful renewals.

Have a look at KeyChest:

It's been around for a while now and I like it :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.