Let's Encrypt certificate expiration notice

Hi!

Currently I use Greenlock for Node.js to create the certificates for my sites, and it has always renewed the certificates automatically; however, in the last few days I have been receiving several emails saying that my certificates will expire. Should I be concerned? Or is it some new Let's Encrypt warning rule?

Below is how I create my certificates

Without more information, we can only guess. Perhaps you should be concerned, maybe not at all. It's like throwing up a coin and seeing on which side it lands.

I don't know why, but it seems you either deleted or did not get the questionnaire which should have been presented to you when you opened this thread in the Help section. Please answer all questions to make life easier:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


Also please provide the contents of the expiry e-mail you've gotten in total.


My domain is: avelinoimoveis.com

I ran this command: none

It produced this output: none

My web server is (include version): I don't know

The operating system my web server runs on is (include version): Ubuntu 16.04.3 LTS

My hosting provider, if applicable, is: aws

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

Email:

Hello,

Your certificate (or certificates) for the names listed below will expire in 19 days (on 13 Jun 21 11:38 +0000). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.

We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See Integration Guide - Let's Encrypt for details.

avelinoimoveis.com
ecincoimoveis.com.br
imoveisportes.com.br
laroccaimoveis.com.br
velhoimoveis.com.br
www.avelinoimoveis.com
www.ecincoimoveis.com.br
www.imoveisportes.com.br
www.laroccaimoveis.com.br
www.velhoimoveis.com.br

For any questions or support, please visit: https://community.letsencrypt.org/ Unfortunately, we can't provide support by email.

OK, good, thanks. It seems indeed your certificates have not been renewed, yet. All sites have their latest certificate issued on March 15th:

https://crt.sh/?q=avelinoimoveis.com&deduplicate=y
https://crt.sh/?q=ecincoimoveis.com.br&deduplicate=y
https://crt.sh/?q=imoveisportes.com.br&deduplicate=y
https://crt.sh/?q=laroccaimoveis.com.br&deduplicate=y
https://crt.sh/?q=velhoimoveis.com.br&deduplicate=y

However, the expiry date of all of those certificates is 2021-06-13 and I see a pattern of 14 days between the renewal and expiry date. And as of today, we're 16 days away from renewal. So I suspect your ACME client will renew the certificates in 2 days from now.


Thank you very much for the information! Have a great day!


No problem. Be sure to check the above crt.sh-links in 2 to 3 days to double check if your certificates have been renewed indeed.

Also, the first expiry mail will be sent 20 days before expiry, so your current 14 days is within that window. That's why you're getting the e-mail. Perhaps you can configure your software (Greenlock?) so it renews earlier? Let's Encrypt recommends renewing 30 days prior to expiry.

From the Greenlock site:

Certificates are renewed every 45 days by default, and renewal checks will happen several times a day.

45 days is a little bit too soon, as 90 days (cert lifetime) minus 30 days (recommended time to renew before expiry) = 60 days. Not sure why their default is 45...

By the way, that page I linked above is full of errors. It seems this is the official repository: GitHub - therootcompany/greenlock.js: 🔐 Free SSL, Free Wildcard SSL, and Fully Automated HTTPS for node.js, issued by Let's Encrypt v2 via ACME

There I can find some configuration options like renewOffset. Do you have something like that configured?
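
Added example (not part of the thread and not Greenlock's own code): the timing reasoning in the replies above as a Node.js check that compares a client's renewal offset with the one-third-of-lifetime recommendation and the 20-day first notice. The function and parameter names are hypothetical, and the certificate dates are constructed from the values quoted in the thread.

```javascript
// Added example, not Greenlock code. Dates below are constructed from the
// thread: issued 15 March, expiring 13 Jun 2021 11:38 UTC.
const DAY_MS = 24 * 60 * 60 * 1000;

// Whole days from a to b, rounded down (negative once b is in the past).
function daysBetween(a, b) {
  return Math.floor((b.getTime() - a.getTime()) / DAY_MS);
}

// cert: { notBefore, notAfter } as Date objects.
// renewDaysBeforeExpiry: when the client renews (hypothetical parameter name).
// firstNoticeDays: days before expiry of the first notice e-mail (20 per the thread).
function assessRenewal(cert, renewDaysBeforeExpiry, firstNoticeDays, now) {
  const lifetimeDays = daysBetween(cert.notBefore, cert.notAfter);
  const recommendedDays = Math.round(lifetimeDays / 3); // one third of lifetime left
  const daysLeft = daysBetween(now, cert.notAfter);
  const plannedRenewal = new Date(
    cert.notAfter.getTime() - renewDaysBeforeExpiry * DAY_MS);
  const noticeBeforeRenewal = renewDaysBeforeExpiry < firstNoticeDays;

  let status = 'ok';
  if (daysLeft < 0) {
    status = 'expired';
  } else if (daysLeft < renewDaysBeforeExpiry) {
    status = 'renewal-overdue'; // client should already have renewed: investigate
  } else if (noticeBeforeRenewal && daysLeft <= firstNoticeDays) {
    status = 'notice-expected'; // e-mail arrives before the scheduled renewal
  }
  return {
    lifetimeDays, recommendedDays, daysLeft, noticeBeforeRenewal, status,
    plannedRenewal: plannedRenewal.toISOString().slice(0, 10),
    renewsLaterThanRecommended: renewDaysBeforeExpiry < recommendedDays,
  };
}

const cert = {
  notBefore: new Date('2021-03-15T11:38:00Z'), // constructed
  notAfter: new Date('2021-06-13T11:38:00Z'),
};
// 19 days before expiry, as in the e-mail; the client renews at 14 days.
console.log(assessRenewal(cert, 14, 20, new Date('2021-05-25T11:00:00Z')));
// Same certificate with the recommended 30-day offset: no notice expected.
console.log(assessRenewal(cert, 30, 20, new Date('2021-05-01T11:00:00Z')));
```

A `renewal-overdue` result is the case that needs attention: the certificate is past the point where the client was supposed to renew it and has not been replaced.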
