False alarm of certificates expiration

letsencryptja · September 21, 2022, 10:22pm

Hi all,

we always get those false alarm of certificates expiration, I checked crt.sh and found that the 07 Oct expired date was from the old records in crt.sh

crt.sh ID Logged At ⇧ Not Before Not After Common Name Matching Identities Issuer Name
2131232123 2022-08-02 2022-08-02 2022-10-31 xxx.com xxx.com C=US, O=Let's Encrypt, CN=R3
1312312312 2022-08-02 2022-08-02 2022-10-31 xxx.com xxx.com C=US, O=Let's Encrypt, CN=R3
2314324324 2022-07-26 2022-07-26 2022-10-24 xxx.com xxx.com C=US, O=Let's Encrypt, CN=R3
2432423432 2022-07-26 2022-07-26 2022-10-24 xxx.com xxx.com C=US, O=Let's Encrypt, CN=R3
1234234324 2022-07-09 2022-07-09 2022-10-07 xxx.com xxx.com C=US, O=Let's Encrypt, CN=R3
5435345543 2022-07-09 2022-07-09 2022-10-07 xxx.com xxx.com C=US, O=Let's Encrypt, CN=R3

Which other area should I look to prevent those false alarm? thanks a lot.

Hello,

Your certificate (or certificates) for the names listed below will expire in 19 days (on 07 Oct 22 00:10 +0000). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.

We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See Integration Guide - Let's Encrypt for details.

xxx.com

For details about when we send these emails, please visit: Expiration Emails - Let's Encrypt In particular, note that this reminder email is still sent if you've obtained a slightly different certificate by adding or removing names. If you've replaced this certificate with a newer one that covers more or fewer names than the list above, you may be able to ignore this message.

For any questions or support, please visit: https://community.letsencrypt.org/ Unfortunately, we can't provide support by email.

If you are receiving this email in error, unsubscribe at:

Please note that this would also unsubscribe you from other Let's Encrypt service notices, including expiration reminders for any other certificates.

Regards,
The Let's Encrypt Team

Bruce5051 · September 21, 2022, 10:28pm

Hello @letsencryptja, welcome to the Let's Encrypt community.

Just to make it easier for everyone pitch in to help your Doman Name is redrobinrunners.uk
correct?
From crt.sh | 2131232123

MikeMcQ · September 21, 2022, 10:30pm

Welcome to the community @letsencryptja

This thread is a more detailed explanation and provides further tips, as you asked for.

If that isn't sufficient, we'll need to know some actual domain names to help assess. Thanks

Bruce5051 · September 21, 2022, 10:34pm

Which is different from cpcontacts.hatoviejo.com here: crt.sh | 5435345543

Bruce5051 · September 21, 2022, 10:38pm

Actually for the Domain Name xxx.com has https://crt.sh/?q=xxx.com
Also passing is
SSL Server Test: xxx.com (Powered by Qualys SSL Labs)

Valid from	Thu, 11 Aug 2022 19:05:00 UTC
Valid until	Wed, 09 Nov 2022 19:04:59 UTC (expires in 1 month and 18 days)

Issues making queries on your end?

One other thing @letsencryptja I do not find any certificate newer than
1526492450 2019-05-31 2019-05-31 2019-08-29 vintagetube.xxx.com vintagetube.xxx.com C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3

I think you are in error with that date; based off of https://crt.sh/?q=xxx.com

Yet SSL Server Test: xxx.com (Powered by Qualys SSL Labs) does have newer date.

And Netcraft's reports
https://sitereport.netcraft.com/?url=https://xxx.com
https://sitereport.netcraft.com/?url=https://www.xxx.com

system · October 21, 2022, 10:39pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.