Expiry warning, but SSL Test and check SSL show otherwise

I keep getting expiry warnings:


Your certificate (or certificates) for the names listed below will expire in 9 days (on 01 Jun 20 12:29 +0000).

apps.menne-biomed.de
menne-biomed.de
www.menne-biomed.de

Testing these with SSL Server Test shows that expiry is on July 8. The same on the server:

~>./checkssl apps.menne-biomed.de                                                                                                    
apps.menne-biomed.de  443   apps.menne-biomed.de (alt)  Jul  8 18:19:29 2020 GMT  Let's Encrypt Authority X3                         
~>./checkssl menne-biomed.de                                                                                                         
menne-biomed.de  443   menne-biomed.de (alt)  Jul  8 18:19:29 2020 GMT  Let's Encrypt Authority X3                                   
~>./checkssl www.menne-biomed.de                                                                                                                                                                                                                                         
www.menne-biomed.de  443   www.menne-biomed.de (alt)  Jul  8 18:19:29 2020 GMT  Let's Encrypt Authority X3  

~>

I assume there is some hidden SSL that is active in addition, but I cannot find the date 01 June anywhere in expiry.

My main domain (menne-biomed.de) runs on nginx directly, but some others (apps) run in Docker containers. So I suspect that there is some competition, but why does SSL test only see the July-expiry ones?

1 Like

Hi @dmenne

please read the link shared in the mail.

You have created different certificates - https://check-your-website.server-daten.de/?q=menne-biomed.de#ct-logs

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2020-04-09 2020-07-08 apps.menne-biomed.de, irusweg.de, menne-biomed.de, menne-indonesia.de, www.menne-biomed.de, www.menne-indonesia.de - 6 entries
Let’s Encrypt Authority X3 2020-04-09 2020-07-08 irusweg.de, mail.menne-biomed.de, menne-biomed.de, menne-indonesia.de - 4 entries
Let’s Encrypt Authority X3 2020-04-06 2020-07-05 apps.menne-biomed.de, irusweg.de, menne-biomed.de, menne-indonesia.de, www.menne-biomed.de, www.menne-indonesia.de - 6 entries
Let’s Encrypt Authority X3 2020-04-06 2020-07-05 irusweg.de, mail.menne-biomed.de, menne-biomed.de, menne-indonesia.de - 4 entries
Let’s Encrypt Authority X3 2020-03-03 2020-06-01 apps.menne-biomed.de, menne-biomed.de, www.menne-biomed.de - 3 entries

The last with 3 entries expires. That’s the mail.

Letsencrypt doesn’t know which certificate you use. No renew -> a mail is sent.

PS: And your certificate with 4 domain names will generate the next mail, if you renew only the certificate with 6 domain names you use.

4 Likes

Thanks for pointing me to your great `check-your-website page which made clear that I had (and still have) a mess.

1 Like

It’s not a problem having more then one certificate with the same domain name. If a system grows, that happens.

In such a situation: Ignore mails with informations to not longer used sets of domain names.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.