Let's Encrypt Expiry Bot mails missing information

I'm using the tool Win-Acme and have multiple wildcard SSL domains.

I got a mail today telling me that "Your certificate (or certificates) for the names listed below will expire in 20 days "

But the only thing the mail is telling me is a list of domain names. However I don't know the ID of the certificate that is going to expire. Within my tool everything looks good.

So guess something happened like a new certificate id is created and my domains have moved there and the old certificate is going to expire. But currently there is no way of telling if this is the case, and if I can safely ignore the coming mails. Or that I have 20 sites crashing after 20 days.

Is there any way I can look this up on Let's Encrypt end and see what is expiring and what isn't ?

And what domains are currently within which certificate (id) ?

Regards,
Pat

1 Like

Welcome to the Let's Encrypt Community, Pat :slightly_smiling_face:

You are correct about how the expiry emails work in that you will receive one if you have not renewed a certificate containing only the exact same set of domain names indicated in the email. If you create a new certificate with more or fewer domain names than an old certificate, the new certificate will not be treated as a renewal of the old certificate, even if all of the domain names from the old certificate are included in the new certificate (along with additional domain names).

You can use https://crt.sh to find every Let's Encrypt certificate you've ever been issued.

I agree adding a serial number for example might speed up the search for possibly expiring certificate. I thought there was some discussion about that in the past on perhaps the Github repository, lemme check/search.

Ah, it was here on the forum:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.