Let's Encrypt certificate expiration notice


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: homunity.com

I successfully migrated the website certificates to a new server thanks to some guys on this forum ! However i still have the old server up and running and i’m getting notifications from the old server about not being able to renew the certificate. Yesterday i received a mail from letsencrypt ‘expiry@letsencrypt.org’ saying : “Your certificate (or certificates) for the names listed below will expire in 20 days (on 05 Feb 19 15:48 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.” For homunity.com.

I verified the certificate on the browser and it says expiry on 28 mars 2019. Do i have to worry about this mail ?

Thanks for your answers !


#2

https://letsencrypt.org/docs/expiration-emails/ should cover your questions. Your instinct that everything is fine, is probably right.


#3

Thanks for your answer. I was just wondering why letsencrypt is sending me a mail about renewal even though the last certificate seems to be valid until march.

Moreover i just saw that i didn’t add the /.well-known/acme-challenge to nginx, i don’t know if this causes the mailing


#4

From the page I linked:

We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it. If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate

The new/current certificate on your website has this set of names: [homunity.com, www.homunity.com].

The old certificate you received an expiration notice for has this set of names: [homunity.com].

The reason you received an expiration notice for the second certificate is that there is because the first certificate is not considered a renewal of the second certificate. (Even though in your case, the first certificate replaced the second one).

You don’t need to worry/do anything, but that’s the reason why it happened - it’s because you added the “www.” subdomain, which you did not have previously.


#5

Ok thanks a lot for the explanation !


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.