Expiration notices with wrong date


#1

Hi,

I’ve been receiving expiration notices by email about domains that are supposed to expire today (30 Apr). certbot command tells me that these domains (mariogl.com and two subdomains) expirate on Juny, and also digicert.com says so. In fact, if I try to renew them with certbot, it says me “Cert not yet due for renewal”.

I guess the actual expiration date is Juny, but why I’m receiving these emails?

Thanks.


#2

Because there is a cert that expires today:
https://crt.sh/?q=%mariogl.com shows (https://crt.sh/?id=316782833)

LE doesn’t know where the cert is being used (or no longer being used).


#3

Thanks for your reply, rg305.

I can see on that list the same domains&subdomains that appear in the email notices, but I can also see that the same domains&subdomains appear on that list with different IDs. What does it mean? Should I understand that the latest IDs just replace the older ones?


#4

There is no logical replacement, per se, that list is every cert issued for that domain.
So, you would need to look at the “not after” column to better understand which are still good and which have expired.
You can open the cert and look at the name(s) it was issued to.
Since some certs contain multiple names you may see them listed multiple times (but they share the same cert number).
It is up to you to know which systems use which certs and the email is just a heads up for you to check.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.