How is your Certificate renewed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:energycentric.co.uk

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Let's Encrypt certificates are requested and renewed using an ACME Client program.

I can see from the public cert history you regularly renew your LE cert. Is there a specific question you have?

4 Likes

Hi Thanks for the speedy response
I have taken over the management of the site and can see the SSL certificate is managed by Lets Encrypt and it looks to renew every 3 months so I have a couple of questions;

  1. Is it auto renewed as in i do not have to do anything as it renewed 26th Jan 25 and expires 26th Apr 25
  2. I ask because we get an Email from StarFieldTech saying "We have received a Certificate Signing Request" and we have to approve it
    So I guess i am asking is this normal?
    Thanks in advance
    Kind regards
    Norman

Let's Encrypt does not "manage" the cert. It is an ACME Server (there are others). LE provides a cert upon request by an ACME Client (there are many). The ACME Client program is usually automated. The LE recommendation is to renew a 90-day cert every 60 days which is what we see in your history. So, your client looks automated and working as it should. See: Getting Started - Let's Encrypt

You should become familiar with this ACME Client program to ensure its continued operation. There are many of these so I can't tell you which you use. If you post the line for SSLCertificateFile from your Apache config we might be able to tell you more.

That is not related to Let's Encrypt. It is a GoDaddy related cert and/or service. You'll have to contact their support. Probably some contact info in that email.

Your domain is being handled by an Apache server which is using a Let's Encrypt cert. You might want to research where you use this other cert.

4 Likes

Most likely you have signed up for annually renewed certificates via a service, and that's where the StarField 1yr certificates are coming from. You are probably paying someone for that - @MikeMcQ suggests but I also see that your domain is registered via Heart Internet so I'd wager that it could also be a service you are buying from them or your web host (your website IP address is associated with "easyinternet"). StarField issued you a cert on the 23rd of January, which you could optionally use, or you can ignore. It's unlikely that you're getting that for free.

Certificates via Let's Encrypt are automated using software tools and the certificates themselves are free. The CSR step for Let's Encrypt certificates is usually done automatically using software that runs directly on your (Apache) web server. Something requested the Let's Encrypt cert on the 26th of January, so it's worth looking on your server for things like Certbot or acme.sh which are common tools (there are many others).

3 Likes

Hi Guys
Thanks for the pointers, unfortunately I have no access to the server that hosts the domain but i am trying to find out how it all hangs together as in what, if any ACME runs on it..
Norman

Your domain name registrar is https://www.heartinternet.uk/

They also offer full hosting services. Contacting them may be helpful.

2 Likes