Issued Certificates

We are getting a Certificate error on our site internally. The error states that a certificates from Let’s Encrypt Authority X3 has expired. I never requested a certificate from you. Why do I have an expired one? How do I remove this as I can’t locate the certificate on any of my servers?

Hi @Bigwil, we can’t reach into people’s servers and install certificates or anything – all of the certificates that we issue exist because someone has requested them using client software for our ACME protocol. The most likely reason is that a coworker or contractor previously requested a certificate, which is necessary to make HTTPS sites work (even internal ones) without modifying users’ browsers.

(Let’s Encrypt is operated by a not-for-profit organization and never charges any money for any of our services, so nobody is trying to get you to buy or pay for something. If you do discover that the certificate is somehow useful to you and you want to renew it instead of removing it, you can do so at no charge.)

Is it possible that you’re using some tool or package that automatically requests certificates without human intervention? This isn’t very common yet and I don’t have a lot of specific examples at hand, but maybe some web frameworks or control panels do so. (The Caddy webserver would be another example: if you’re serving a website with Caddy, it will get a certificate from us and install it without asking you.)

If you log into the server responsible for the site in question and look at the web server configuration, it should be possible to find references to certificate files on disk. If someone used our Certbot tool, the resulting certificates will be stored within /etc/letsencrypt (but there are many different ACME client applications so it’s hard to know without knowing more about which software was used).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.