Expire Bot says 17 days, cert shows 81!

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
jhsemploymentservices.ca (and others under 1 same cert)

I ran this command:
Used three different web browsers to look at the certificate dates - they say September 2023, about 80 days away, not July 18th!

It produced this output:
The certificate does not expire in July.

My web server is (include version):
Apache 2.4

The operating system my web server runs on is (include version):
Windows Server 2019

My hosting provider, if applicable, is:
Self hosted

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Certify the Web ver 5.6.8.0
This app also says it is 80 days before expiry, not 17.

The Expire Bot set off a panic that the cert was dangerously low in days, and that systems had failed internally to indicate there being a problem. Finding that the cert is not anywhere near that expire date, your Bot is going to cause serious freak outs to many people if it is doing this to others.

Please take a look at the bottom part of the expiration reminder email. It explains some reasons why you might be notified even if you have renewed.

7 Likes

@JamesLE It would be helpful I think if that explanation would be above the "go to the Community for help" part in the expiry email.

9 Likes

Maybe they should include:

Be sure to read this following part thoroughly

before posting your questions as it covers most of the common reasons why one would be receiving these emails.

7 Likes

Unless...
You renewed the cert after the email was sent?
How often does your ACME client check for expired certs? [recommended: twice a day]
What is its default expiry/renewal interval? [default: renew after 60 days - with 30 days left]

6 Likes

Then OP would have waited 10 days before opening this thread. Probably unlikely.

6 Likes

I completely agree; I'm just shedding some light onto the matter for any and all future readers.
And, although highly unlikely, it is still within the possible.

It's 6AM - time to start my day!

6 Likes

That's a great suggestion, thanks! We've made this change in staging, and it should be in production later this week.

9 Likes

To clarify further - the cert was renewed 9 days before we got this warning.
We had not made any changes to the names on our cert, it has been the same for a long time.

So still not sure why it would send us this warning claiming it would expire soon. The only thing new/different as of late was that we had to re-install app a couple of weeks ago because it was failing to run. Once we did that, it did then work and renewed our cert.

If you look closely, you will see the cert expiring on Jul18 has 7 domain names in it.

The two certs you created since then have 8 names (adding cycentres.ca).

The history shown by crt.sh is not helpful for this case. See this tool history instead:

https://tools.letsdebug.net/cert-search?m=domain&q=jhsemploymentservices.ca&d=2160

11 Likes
9 Likes
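The last reply points at the name sets: 7 names on the expiring cert, 8 on the newer ones. As an added example (not part of the thread and not Let's Encrypt's code), this sketch classifies an expiring certificate on the assumption that a renewal only counts when a later certificate carries exactly the same set of names. The names, dates and the 20-day warning window are constructed placeholders.

```python
from datetime import date, timedelta

def name_set(names):
    """Normalise SAN DNS names: case, order and duplicates are ignored."""
    return frozenset(n.strip().lower().rstrip(".") for n in names)

def expiry_report(certs, today, warn_days=20):
    """Classify each cert expiring within warn_days (assumed window).

    'renewed': a later cert carries exactly the same name set.
    'covered': no exact match, but every name is on some later cert.
    'at-risk': the names in the second tuple element are on no later cert.
    """
    report = {}
    for c in certs:
        if not today <= c["not_after"] <= today + timedelta(days=warn_days):
            continue
        later = [o for o in certs
                 if o["not_before"] > c["not_before"]
                 and o["not_after"] > c["not_after"]]
        names = name_set(c["names"])
        if any(name_set(o["names"]) == names for o in later):
            report[c["id"]] = ("renewed", set())
            continue
        still_served = set().union(*(name_set(o["names"]) for o in later))
        missing = names - still_served
        report[c["id"]] = ("at-risk" if missing else "covered", missing)
    return report

# Constructed sample data: placeholder names and dates, not the poster's certs.
SEVEN = [f"site{i}.example" for i in range(1, 8)]
CERTS = [
    {"id": "old-7-names", "names": SEVEN,
     "not_before": date(2023, 4, 19), "not_after": date(2023, 7, 18)},
    {"id": "new-8-names", "names": SEVEN + ["added.example"],
     "not_before": date(2023, 6, 22), "not_after": date(2023, 9, 20)},
]
TODAY = date(2023, 7, 1)

if __name__ == "__main__":
    for cert_id, (status, missing) in expiry_report(CERTS, TODAY).items():
        print(cert_id, status, sorted(missing))
```

A "covered" result is the situation in this thread: the warning concerns the old name set, while every name on it is already served by a newer certificate.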

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.