Getting emails about renewal but already renewed certificates

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.elami.mk

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

So I got emails today about a few of my domains which have all been renewed.

I checked and it says that my SSL expires in 80 days (https://www.sslshopper.com/ssl-checker.html#hostname=www.elami.mk)

But my email says

Your certificate (or certificates) for the names listed below will expire in 19 days (on 09 Dec 19 13:13 +0000).

Thank you!

See the documentation about Expiration Emails. Especially this part:

If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate.

On Sep 10th, you issued a certificate for just www.elami.mk. A day later on Sep 11th you noticed you were missing the base domain, so you issued a new certificate for www.elami.mk as well as elami.mk. About a week ago you’ve renewed your certificate. To be more specific: you renewed your LAST certificate, containing www.elami.mk as well as elami.mk.
However, the first certificate was never renewed.

Now back to the quote I mentioned above: Let’s Encrypt warns you you’ve never renewed the certificate for just www.elami.mk. If that’s OK, you can ignore the e-mails.

3 Likes

Osiris thank you for your reply.
It has been really informational and useful.
Just to be clear because I have renewed my certificates (p.s also got emails for two more certificates
www.justsayingkiddo.nl and justsayingkiddo.nl which are also renewed) I don’t need to do anything more?

Thank you very much!

1 Like

The e-mail you received should contain a list of the hostnames in the certificate the e-mail was meant for. In the case of justsayingkiddo.nl it would be kinda confusing, because I see you initially issued two certificates: one for www.justsayingkiddo.nl and one for justsayingkiddo.nl, both on the same day. Again, a day later, you saw it was better to generated a third certificate with both those hostnames in just one certificate. And you’ve successfully renewed that latter certificate on Nov. 10th.
The e-mail you got probably mentioned both the www and the ‘bare’ hostname. That’s because you got a certificate for both those hostnames. Those ‘single hostname’ certificates weren’t renewed. The e-mail unfortunately doesn’t tell you those hostnames were from the initial two (separate) certificates, which aren’t relevant any longer, as you have a well working certificate covering both hostnames.

1 Like

Yes I understand, it is kind of strange, but I understood your explanation atleast I am not scared that I will have errors in a few days because the certificates used on the websites are renewed and shouldn’t cause problems atleast I hope so.
I will not touch anything as my understanding is now right ?
All the best!

There’s no need to touch anything at this moment.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.