Today, My colleague has received an email from you(Let's Encrypt Expiry Bot). I also feel very strange for that. I have registered the domain name and SSL wildcard certificate before two years from Ali Cloud. And they are never expire until the next year. Recently, My colleague has added a entry in that domain name and import the ssl cerficate to the production system.
The below is the spam email from you. Who can tell me the root reason?
Your certificate (or certificates) for the names listed below will expire in 19 days (on 03 Dec 20 01:42 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.
We recommend renewing certificates automatically when they have a third of their
total lifetime left. For Let's Encrypt's current 90-day certificates, that means
renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details.
How is it SPAM when it asks for nothing from you - no credit card, no "click this link".
It only provides you information about an expiring cert that is based on a certificate issued via LE to the registered email address.
Do you call anything you aren't familiar with SPAM?
Here is some real SPAM (yum):
In particular, Let's Encrypt doesn't check whether you also have some other certificate (that you might be using instead of the certificate in the expiry notice). It could be that you're intentionally allowing the old certificate to expire, in which case you can safely ignore the message. Let's Encrypt sends these as a courtesy because only the end subscriber knows whether the non-renewal was intentional or accidental.
Was your purchase from Ali Cloud for the domain name, or the domain name and a SSL certificate?
If it was for a SSL certificate, at some point you or your partner decided to obtain a (free) LetsEncrypt SSL Certificate. As @schoen and @JuergenAuer mentioned, those are only good for 90 days and renew automatically; if you do not renew within a certain timeframe, you are sent an email.
You and your colleague should figure out who first installed the LetsEncrypt certificate.
There was a point when you or someone else opted in to share your email address to receive notifications like this relating to the status of a certificate(s) obtained from LetsEncrypt. This is NOT unsolicited email.
Call it what you want but it is not SPAM mail.
You are free to OPT OUT - IGNORE or UNSUBSCRIBE any time you want.
