Hello
I just received a mail telling that the certificate for patricearnal.ddns.net will expire on 12 Aug 19 21:42 +0000
But I modified this certificate about 10 days ago, in order to add arnal.site on it.
This new certificate is still valid for 79 days so I wonder why I received this mail…
My domain is:
I ran this command:
certbot certificates
It produced this output:
Found the following certs:
Certificate Name: patricearnal.ddns.net
Domains: arnal.site patricearnal.ddns.net
Expiry Date: 2019-10-11 07:26:40+00:00 (VALID: 79 days)
Certificate Path: /etc/letsencrypt/live/patricearnal.ddns.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/patricearnal.ddns.net/privkey.pem
My web server is (include version):
Apache 2.4
The operating system my web server runs on is (include version):
Linux arnal.site 4.19.57-v7+ #1244 SMP Thu Jul 4 18:45:25 BST 2019 armv7l GNU/Linux
My hosting provider, if applicable, is:
Self hosted on a raspberry PI 3
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
NO
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.31.0
If your certificate is already renewed, we won’t send an expiry notice. We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it. If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate. If you check the certificate currently running on your website, and it shows the correct date, no further action is needed.
There is no "certificate update". Every certificate is new and read-only. The only thing: Clients save the parameters and reuse these informations. That's "renew".
Client software may also track a relationship between certificates (for example, giving the certificate a local name). But the Let's Encrypt CA doesn't know anything about this relationship, which is a source of frequent confusion about these reminder e-mails. You could be updating a certificate in your local certificate management software, but the certificate authority doesn't know that.