Let's Encrypt certificate expiration notice for domain "account-manager.zpnh.ch" (and 4 more)

I receive some mails with this warning:
We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See Integration Guide - Let's Encrypt for details.

account-manager.zpnh.ch
am.zpnh.ch
phpldapadmin.zpnh.ch
phpmyadmin.zpnh.ch
zpnh.ch

But if I run certbot certificates I see that they are valid until 18. February 2023.

Then you should read the email more closely.
And review your certificate issuance history.

It is possible that you have "renewed" your certificate with a different subset of names.
[adding or removing a name creates another "unrelated" certificate]

7 Likes

Right, I overlooked that, sorry. I added an additional name.
Unfortunately, it is not at all clear to me how to proceed correctly in such a case in order to replace existing certificates correctly.

2 Likes

What you did was correct. Certificates cannot be modified. Any change (key, domain names...) requires the issuance of a new certificate. In fact, this is also what happens when you renew a certificate - it's just a new one with same names but different expiry date.

The Let's Encrypt expiry mailer detects renewals based on the exact set of FQDNs in your certificate. If that changes, it cannot detect the renewal and will start mailing you. There is no way to avoid this, it is a limitation of how the system currently works.

You can simply ignore the emails. The mails will stop once the old certificate (with the old names) has expired.

7 Likes
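The exact-name-set matching described in the answer above, as an added example (not part of the original thread and not Let's Encrypt's mailer code): it sorts expiring certificates into those renewed with identical names, those replaced by a certificate with a changed name set (mail expected, safe to ignore), and those with names no newer certificate covers. The inventory format, the function names and all sample names and dates are assumptions made for the example.

```python
from datetime import date

def fqdn_set(names):
    """Normalise a certificate's name list so sets compare reliably."""
    return frozenset(n.strip().lower().rstrip(".") for n in names)

def classify_expiring(certs, today, warn_days=30):
    """Explain each certificate that expires within warn_days.

    renewed  - a longer-lived cert has the exact same name set (no mail expected)
    replaced - name set changed, but every name is on some longer-lived cert
    exposed  - at least one name is on no longer-lived cert: renew it
    Wildcard matching is not modelled; names are compared literally.
    """
    report = []
    for old in certs:
        days_left = (old["not_after"] - today).days
        if not 0 <= days_left <= warn_days:
            continue
        old_names = fqdn_set(old["names"])
        # Candidates: certificates that are themselves outside the warning window.
        fresh = [fqdn_set(c["names"]) for c in certs
                 if (c["not_after"] - today).days > warn_days]
        uncovered = sorted(old_names - frozenset().union(*fresh))
        if old_names in fresh:
            verdict = "renewed"
        elif not uncovered:
            verdict = "replaced"
        else:
            verdict = "exposed"
        report.append({"names": sorted(old_names), "days_left": days_left,
                       "verdict": verdict, "uncovered": uncovered})
    return report

# Constructed inventory (names and dates are made up for the example).
CERTS = [
    {"names": ["example.org", "a.example.org"], "not_after": date(2022, 12, 10)},
    {"names": ["example.org", "a.example.org", "new.example.org"],
     "not_after": date(2023, 2, 18)},
    {"names": ["www.example.net"], "not_after": date(2022, 12, 12)},
    {"names": ["WWW.example.net."], "not_after": date(2023, 2, 20)},
    {"names": ["legacy.example.org"], "not_after": date(2022, 12, 5)},
]

if __name__ == "__main__":
    for row in classify_expiring(CERTS, today=date(2022, 11, 20)):
        print(row["days_left"], row["verdict"], row["names"], row["uncovered"])
```

Only an "exposed" result calls for action; a "replaced" result corresponds to the situation in this thread, where a name was added and the old certificate is left to expire.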

Good to know. Thank you very much.

4 Likes
