Let's Encrypt certificate expiration notice

This email tells me that one of my domains certificates is expiring now ???

Your certificate (or certificates) for the names listed below will expire in 0 days (on 09 Sep 21 22:21 +0000).

So I'm stopping what I'm doing, go to a terminal, ssh'ing into the offending server, and check crontab and logs for misbehavior. Nothing ???

I guess I'll manually run the cert renewal thingy then, which results in me getting following response:
"example.com: certificate is valid for more than 30 days (until Oct 30 02:57:41 2021 GMT)"

So, here's my feature request. Please fix your software :slight_smile:

And BTW. Thank you for your service :+1:

Please read the entire email.

4 Likes

what distribution of Linux are you using?

As Nummer says, read the whole email--it tells you why it was sent, and common reasons that it might not be a big deal. And if you got this one, you got two other emails, ten and twenty days ago, saying the same thing--so there's no reason this email should have sent you off in a panic.

Don't blame Let's Encrypt for your inability or unwillingness to read the whole message.

2 Likes

@trasherdk

Please read this, specifically:

3 Likes

Well. I have read the email and it states one of my domains certificate has expired, plus a bunch of reasons why that statement might be wrong.

I know the renewal script runs every 24 hours, so my assumption is that something is not working correctly on that server. Of course,I could have assumed the email was wrong and ignored it, but that's not my way.

What baffle me is, whatever software issues the renewed certificate, seems to not tell the software that sends the emails about that event.

I'm running Slackware 14.2 x64 on all servers since version 2.1 or 2.2 (1994-95).

That was a good first thought and your actions were correct.

This is not what is happening. Please read the thread by @griffin above.

On a technical level, there is no distinction between a new certificate and a renewal - it's the same thing. Let's Encrypt attempts to guess certificates that are probably renewals based on the exact set of FQDNs. If this differs from your last certificate, the new certificate is not considered a renewal - because it looks completly different. Let's Encrypt doesn't know if the change of FQDNs was intentional from your side or not - hence the warning about a potentially expiring certificate.

3 Likes

It also links to an explanatory page on the Let's Encrypt documentation about what counts as a renewal and what does not. Please read that documentation too. :slight_smile:

If you still require any assistance with your supposed issue, please provide the hostname or hostnames contained in the expiry e-mail, as I'm 99.999999999999 % certain this is not a bug in the expiry e-mailer, but just a misunderstanding.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.