Currently the 'Let's Encrypt certificate expiration notice for domain' email only lists the subject of the certificate which is expiring. It would be useful to have more details about the actual certificate which is expiring.
This could be done in a couple of ways:
- Include the details in the email itself
- Link to the certificate’s entry in the Certificate Transparency logs
Additional details which would be useful are:
- Subject alternate names
- Thumbprint
The reason for this is that at times – particularly when setting up a new service – multiple certificates with the same subject name, but different subject alternate names are created. It would be good to know at a glance which set of subject alternate names has not been renewed, and hence if there is a renewal problem or not.