Let's Encrypt certificate expiration - reporting incorrect expired date ranges

The issue that I am asking is, I have received an email from letsencrypt telling me that my certificates will expire in 18 days time but when I check my domains they report that they only need to be renewed in 75 days time.

Extract from email.

# # # # # # # # # #

Your certificate (or certificates) for the names listed below will expire in 18 days (on 31 Aug 22 21:24 +0000). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.

# # # # # # # # # #

Then my second issue is, I no longer own the domain atlantic-kids-academy.com, how can I remove this from my profile.

My domain is:

dawnsdays.com
dunnsland.com

hockeysticks4clubs.com
icanevents.net

www.dawnsdays.com
www.dunnsland.com

www.hockeysticks4clubs.com
www.icanevents.net

I ran this command:
I have created a script that I use to check the expiry date of my domains. see below.

# # # # # # # # # #

RUNMODE=$1
RECIPIENTS="lawrence@e2snail.com"
checkSSL() {
ENDDATE=openssl s_client -connect $1:443 -servername $1 </dev/null 2> /dev/null | openssl x509 -in /dev/stdin -noout -enddate | awk -F '=' {'print $2'}
FMTDATE=date --date="$ENDDATE" +"%d-%m-%Y"
DAYS=echo $(( ($(date --date="$ENDDATE" +%s) - $(date +%s)) / 86400 ))
if [ $DAYS -lt 20 ]; then
if [ "$RUNMODE" == "cron" ]; then
echo "$FMTDATE = $1 (!!! EXPIRES WITHIN $DAYS DAYS !!!)" > /tmp/t.txt
cat /tmp/t.txt | s-nail -M 'text/html' -r "zabbix_ams@dazzletag.com" -S smtp="bingo.enem.nl:2525" -s "certificate expires for $1" $RECIPIENTS
else
echo "$FMTDATE = $1 (!!! EXPIRES WITHIN $DAYS DAYS !!!)"
fi
else
if [ "$RUNMODE" != "cron" ]; then
echo "$FMTDATE = $1 ($DAYS days)"
fi
fi
}

checkSSL e2snail.com
checkSSL dunnsland.com
checkSSL dawnsdays.com
checkSSL icanevents.net
checkSSL hockeysticks4clubs.com

# # # # # # # # # #

It produced this output:
31-10-2022 = e2snail.com (75 days)
31-10-2022 = dunnsland.com (75 days)
31-10-2022 = dawnsdays.com (75 days)
31-10-2022 = icanevents.net (75 days)
31-10-2022 = hockeysticks4clubs.com (75 days)

My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 22.04.1 LTS

My hosting provider, if applicable, is:
N/A

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.21.0

1 Like

This should explain everything... :slightly_smiling_face:

5 Likes

What exactly is the misinformation you're claiming? That's quite a serious accusation if you ask me..

3 Likes

I am sorry, these were the wrong words used. I should have said incorrect dates reported.

I have looked at what griffin said and this somewhat answers my concerns.

I have done the checks and am happy that my sites are being served with the correct certificates.
I was just confused with the information. the email I received said that the certs would expire in 18 days ... when I checked the certificates they show that they are valid for the next 79 days.

This is not an issue because the current certs are correct.

Thanks
Lawrence

2 Likes

Thanks Griffin,

your help cleared up a lot thanks

Lawrence

2 Likes

"Incorrect dates" is also not the correct conclusion on your end I'm afraid. The information provided by Let's Encrypt is correct. However, as you've read in the post by @griffin, sometimes due to a change in contents of the certificate, the certificate is not marked as "duplicate" and thus an expiry email is send. This does not make this info incorrect though. LE does not and cannot know you intentionally did not renew the previous certificate, so it will send a warning.

@griffin Maybe you could add a part about the fact LE cannot know whether a non-duplicate certificate is not needed any longer, so it send the expiry email no matter what.

6 Likes

I'll see to adding that part, @Osiris. :slightly_smiling_face:

6 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.