Expiry notifications does not work

My domain is: go.mohirdev.uz

I ran this command: certbot renew / certbot certificates

It produced this output:

Certificate Name: go.mohirdev.uz
Serial Number: 300a25a09e9f846ecd50cbd60e35259a5a7
Key Type: RSA
Domains: go.mohirdev.uz
Expiry Date: 2023-11-27 05:28:09+00:00 (VALID: 6 days)

My web server is (include version): nginx version: nginx/1.22.1

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Debian GNU/Linux 12 (bookworm)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0

For any domain (including go.mohirdev.uz) there were no expiry notifications.

You can check the email address the expiry emails should have been send to with certbot show_account.

If that is the correct email address, you could check your spam box.

If there is nothing in your spam box, somebody might have unsubscribed your email address from the mailings. See Expiration Emails - Let's Encrypt for more info and how to re-apply.

3 Likes

You can check the email address the expiry emails should have been send to with certbot show_account .

It displays the email address correctly.

If there is nothing in your spam box, somebody might have unsubscribed your email address from the mailings. See Expiration Emails - Let's Encrypt for more info and how to re-apply.

This was done several times during the past week but there were no emails. I also checked mail server logs - there were no emails from expiry@letsencrypt.org.

certbot update_account --email example@domain.com
certbot update_account -m example@domain.com

Do you want help with your cert renewal? Or is it just the email problem you are concerned with?

One thing I see is the cert from your certbot certificates command is not the most recent for the single domain name. You also got a cert for just that name on Sep1 expiring Nov30.

Another is that there is no DNS A record for go.mohirdev.uz only mohirdev.uz and it looks proxied at Cloudflare.

Do you know why you are missing the DNS record(s) and what happened to the cert issued Sep1?

4 Likes

Yes, I am aware that there is no DNS A record for go.mohirdev.uz and the issue itself is not related to the certificate renewal, it is rather related to the expiry certificate notification.

The expected behavior is to receive an email 20 and 7 days before the expiration of the certificate, regardless of the validity of the domain itself (whether it is mapped to the server IP, etc).

But there were no emails for any domain with an expiration date of less than 20 or 7 days.

1 Like

Well, Let's Encrypt issues those emails on a "best efforts" basis so things can go wrong sometimes (note the "we try" in their docs).

Can you confirm you are getting emails to the same email address you used for the expiry notices?

As a volunteer here I have no access to the Let's Encrypt email logs so you'll have to see if someone from staff wants to pursue this. I am sure they monitor their delivery stats and if there were a widespread problem it would be alerted to them that way. You may need to be patient for a response.

4 Likes

Yes, emails are successfully delivered to the specified for certbot registration email address.

Are there any additional details required, such as Account URL or Email contact?

Thanks.

2 Likes

Currently expiry notifications are received to registered email address. This topic can be closed