How to update "expiry bot"?

My domain is:

I ran this command:
sudo certbot certonly --webroot -w /Volumes/extra/Sites/davec/kjams.com -d kjams.com -d www.kjams.com -d karaoke.kjams.com

It produced this output:
whatever the "success" output is

My web server is (include version):
apache

The operating system my web server runs on is (include version):
osx catalina (latest)

My hosting provider, if applicable, is:
myself

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
mamp

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
1.9.0


my original cert was JUST for karaoke.kjams.com. i just updated it, adding both "kjams.com" & "www.kjams.com"

but now, i'm getting old expirybot notification emails. i want to update the bot to 1: know the actual new expiry time and 2: know the actual new domains (it is sending reminders for the OLD date / domain)

i know i can unsubscribe then manually resubscribe with a NEW email address, but who wants to do that? i need it to continue using my actual email address.

how do i do that?

-dave

Hi @davecotter

please read the mail complete. And read the link shared in the mail.

Then you will see. No problem exists.

I know, i already saw this part:

the thing is, not the name that changed, but the DATE of expiry has changed. It is supposed to be sent out 30 days prior to expiry, but now that is thrown off.

After updating my cert to cover 3 names instead of 1, the new expiry date is 2021-04-23. So i should have gotten the expiry notification on 2021-03-23, but i got it on 2021-02-11, which is 30 days before my ORIGINAL cert expires.

There are no instructions (that i could find) on how to reset the expiry notification emails to have the CORRECT DATES, while using the same email address.

Did i just miss something?

Yes. Your older certificates aren't invalid because you don't use these. Letsencrypt can't know which certificate you want to use. May be three days later you roll back your configuration.

So a mail is always sent.

2021-02-11 is the correct date. If you don't like that mail, ignore it. That's all.

You're talking about the cert that i don't use any more, i'm not. I'm talking about the cert that i DO use.

stdout of the command line says this:

The following certs are not due for renewal yet:
/etc/letsencrypt/live/karaoke.kjams.com/fullchain.pem expires on 2021-04-23 (skipped)
No renewals were attempted.

I believe this is a reasonable and valid question. I get the sense that you don't? If the answer is "currently it's not possible to do what you're asking for", then that's the answer, so can we avoid debating the legitimacy of my request and just answer the question?

It's not required.

If you don't renew that certificate

you will get a mail (20 days earlier). There is no additional / second subscription required.

If you renew that certificate earlier, no mail will be sent.

Or - in your words:

There is no update required. Old certificate expires, not renewed -> some mails -> ignore these.

New certificate -> now there is nothing to do, wait some weeks (begin 2021-04).

1 Like

You need to understand that a new certificate never actually replaces the old certificate.
It's just another issued cert in the long list of certs that have been issued.
Some inactive...
Some still active...
Some about to expire...
Some freshly issued...

Have a look at this list of issued certs:
crt.sh | karaoke.kjams.com

If there is no newer cert with the exact same set of names on it, then the expiry bot will notify you of that - you have a cert that technically hasn't been renewed that will soon be expiring.
But you also have another one that has more (or less) names on it.
The bot is just doing its' job to the best of its' abilities.
Even a human would do the exact same thing.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.