From: Let's Encrypt Expiry Bot <email@example.com>
Subject: Let's Encrypt certificate expiration notice for domain "pypicache.repology.org"
Received: from [220.127.116.11] by mandrillapp.com id b49340094b964db895e14d2a61c13240; Mon, 20 Sep 2021 18:57:24 +0000
Your certificate (or certificates) for the names listed below will expire in 10 days (on 01 Oct 21 01:07 +0000)
However, browser and certbot say that the certificate was in fact recently renewed and is not going to expire in October:
My guess is that either there is some error or I may have two certificates for the same domain. In the latter case, the email should take such case into account to not be misleading and confusing. Ideally, it should say right away that I have multiple certificates for this domain with issue and expiration dates and serial number.
This situation would count as a renewal and should not trigger an expiry email.
There indeed exists a certificate for just that hostname which expires on 1 October: crt.sh | 4801766429 And that certificate has indeed been renewed with just that hostname on 4 September: crt.sh | 5159537241
So I don't understand why you got that e-mail. @lestaff Could you please look into this? As far as I can tell, this expiry e-mail should not have been send..
I too have received such a mail today, telling me that the certificate will expire in 0 days (tomorrow morning). However, the certificate is still valid for another 2 months and was renewed 1 month ago. So everything should be okay, and renewal was never an issue in the last years.
Seeing that I'm not the only one who received such a message, I assume there is a bug/issue on let's encrypt's side.
I got a notification that said 7 certs were expiring in 0 days, I checked all of them and the certs are expiring in exactly 2 months, so there's no issue. There might be something going on with their notification system, I checked my server and it appears fine.
Thanks for your reports, everyone! I believe we've identified the problem that was causing us to send expiration warning e-mails for certificates that have already been renewed. We've paused sending while we work to fix the root cause.
E-mail addresses are fully optional in the ACME protocol, although it is recommended to use one. In that case the ACME server can send you e-mail notifications such as expiry e-mails or other urgent notifications.