Expiry bot says "20 days" but cert check says 46 days

rotech1 · September 11, 2019, 5:26am

is this a bug?? Let’s Encrypt Expiry bot emailed to say “Your certificate (or certificates) for the names listed below will expire in 20 days (on 30 Sep 19 13:58 +0000).”
prices.rotech.ca
train.rotech.ca

expiry bot has the wrong date right now?

My domain is: rotech.ca

I ran this command: ./certbot-auto certificates

It produced this output:
Certificate Name: prices.rotech.ca
Domains: prices.rotech.ca reg.rotech.ca train.rotech.ca
Expiry Date: 2019-10-27 19:15:48+00:00 (VALID: 46 days)

and looking at both sites and checking the certificate in a web browser, it says “valid to 10/27/2019”

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version): Centos 6

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.38.0

Server date is correct…

mnordhoff · September 11, 2019, 5:32am

If your certificate is already renewed, we won’t send an expiry notice. We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it. If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate. If you check the certificate currently running on your website, and it shows the correct date, no further action is needed.

You had an older certificate that doesn't have the "reg" subdomain:

rotech1 · September 11, 2019, 5:47am

So, is it a bug, or is there something I should have done to correct that? Will it just fade away next year?

mnordhoff · September 11, 2019, 5:48am

There isn’t a bug. (But the feature isn’t entirely intuitive.)

Let’s Encrypt will stop sending emails about that certificate when it expires.

rotech1 · September 11, 2019, 5:49am

OK, thanks very much!

system · October 11, 2019, 5:49am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.