We use a single wildcard cert covering multiple domains. I’m getting emails from email@example.com, saying it will expire in eight days’ time. Yet when I check the expiry on the issued cert using https://www.geocerts.com/certificate-decoder
it says they won’t expire until two and a half months.
This was previously discussed in Expiry notice when domains certs aren’t expiring
and the reason is that since the original cert was issued, we have changed the list of domains being issued. This issue will cause confusion to all those who haven’t found the linked thread. Is there no way of only generating these emails if the cert is actually expiring? No way of comparing current versus original domain list?