Expiry notice when domains certs aren't expiring


#1

Hello, I’ve been receiving expiry notice from expiry@letsencrypt.org saying my domain certs will expiry in <10 days but when I look at the cert in the browser, the expiry date isn’t until end of next month. How can I verify which is correct and to also fix this from occurring again?


#2

Hi @mhaddy - apologies about the confusion.

Can you share the contents of the expiration warning you received, or the list of domains it mentioned? With those I can help you figure out whether the warnings were sent incorrectly.


#3

Here’s the latest one:

Hello,

Your certificate (or certificates) for the names listed below will expire in 9 days (on 21 Aug 16 00:30 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

XXX (PM’ed you)

For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can’t provide support by email.

If you are receiving this email in error, unsubscribe at XXX (HTTP link, we know. We’re working on it!)

Regards,
The Let’s Encrypt Team


#4

Followed up in DM.

The expiration warnings are being sent correctly. There was several sets of domain names being issued for and Let’s Encrypt only counts an issuance as a renewal when the sets of domains is an exact match to an existing certificate. Since there was no exact match for an earlier certificate the warning message was delivered as it approached expiry as expected.


Expiry notice when domains certs aren’t expiring
#5

@cpu, a lot of people seem to be confused about this issue. Maybe the expiry reminder text should try to clarify this somehow? (Unfortunately, straightforward ways of clarifying it might also confuse people if they don’t know whether the clarification applies to them or not.)


#6

@schoen Good idea! You’re right that this is a common point of confusion. @jsha added some additional clarifying text to the website but I am also open to discussing modifications to the expiration warning email itself.

The email template we use currently isn’t in the Boulder repo (there is just an example template). I will have to ask Ops for a current copy to iterate on.
I stand corrected - https://github.com/letsencrypt/boulder/pull/2121


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.