I have a few dozen domains I host, and each one has renewing certificates from Lets Encrypt through Plesk 12.5’s Lets Encrypt extension.
The certs have renewed successfully, autonomously, a couple weeks ago, and now I’m getting emails from you guys stating that some are going to expire in 19 days. One email per domain.
However, checking the certs on each domain shows they don’t expire for at least 70+ days and all are valid.
Is there a problem with your notification server at mandrillapp.com?
Looking up that domain on crt.sh it seems you originally got one cert that didn’t include the www subdomain, then one that did. I’m guessing the latter is the one you renewed, and the former is the one you got the warning about? The reminder email is sent unless you renew the certificate with the exact same set of domains. If that’s what happened, it should be safe to ignore it.
I have one as of yesterday. My question is this, how do I verify if infact, I need to to renew it. If not, how do I know it’s already renewed.
Thank you!
Hello,
Your certificate (or certificates) for the names listed below will expire in
0 days (on 01 Mar 17 01:53 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.
For details about when we send these emails, please visit https://letsencrypt.org/docs/expiration-emails/. In particular, note that this reminder email is still sent if you’ve obtained a slightly different certificate by adding or removing names. If you’ve replaced this certificate with a newer one that covers more or fewer names than the list above, you may be able to ignore this message.
If you want to stop receiving all email from this address, click this link (deleted) (Warning: this is a one-click action that cannot be undone)
The expiration date is part of the certificate, so you can use your browser’s certificate viewer to check the actual expiration date.
In Chrome, you open the site in question, right-click and open “Inspect”. That should open the developer console, which has a “Security” tab with a “View Certificate” button. The expiration date should be visible somewhere in the window that just opened (the exact UI here is OS-specific).
In Firefox, you can reach a similar interface through the “View Page Info” context menu, under “Security” > “View Certificate”.
You can use https://crt.sh/ to find all certificates issued for a particular domain and check the “Not After” date of the most recent one. This’ll let you know that a certificate was issued; confirming that it’s in use of course would require the server to be up.
This is what I got back. Based on that I cannot tell whether or not it will be expired tomorrow - like it said in the email.Going forward, how do I set it so that it renew automatically? Is it ust a matter of having the server up and running?
==========================
Certificates crt.sh ID Logged At ⇧ Not Before Issuer Name
5671663 2016-12-01 2016-12-01 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
2956432 2016-08-23 2016-08-23 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
2208194 2016-06-14 2016-06-14 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
Well, the details of how to do a renewal depend completely on what software you’re using and how the site is hosted, so it will be important to find out somehow!
There are a number of things that might not work about this depending on other details, but you’ll most likely need to log into the server as root and run
letsencrypt renew
or as another user with administrative access and run
sudo letsencrypt renew
If this doesn’t work, I’m sure people here are willing to help debug it and figure out more about what the previous person did, but it would be much more efficient to have someone with more system administration experience involved because they could probably figure it out promptly without a lot of back-and-forth cycles.