Let's Encrypt mail for renew but certbot certificates says renewed


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I got a mail from Let's Encrypt about the expiry of one of my domains (which is actually on http). However, when I tried to renew it manually using certbot webroot, it said the domain is not yet expired and asked whether I want to renew with a new certificate or keep it as it is. I checked the certbot certificate and found the same domain as having 71 days of expiry. Why did I receive a mail, then, saying your domain certificate from Let's Encrypt will expire in 19 days?

My domain is: An http portal

I ran this command: certbot certificate

It produced this output: Found that the domain is already renewed with expiry of 71 days.

My web server is (include version): Apache

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: Softlayer

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

Hi @Student1

please read

If your certificate is already renewed, we won’t send an expiry notice.

When is a certificate renewed?

We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it.

You may have this:

If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate. If you check the certificate currently running on your website, and it shows the correct date, no further action is needed.
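
The renewal rule quoted above, modelled as an added example (not part of the original thread and not Let's Encrypt's own code). The certificate labels, names, dates and the `warn_days` threshold are constructed assumptions; `example.com` stands in for the real domain.

```python
from datetime import datetime, timedelta, timezone

def make_cert(label, names, issued, lifetime_days=90):
    """Build a constructed certificate record; names are lower-cased (DNS is case-insensitive)."""
    nb = datetime.fromisoformat(issued).replace(tzinfo=timezone.utc)
    return {"label": label, "names": frozenset(n.lower() for n in names),
            "not_before": nb, "not_after": nb + timedelta(days=lifetime_days)}

# Constructed sample data, not taken from the thread.
SAMPLE = [
    make_cert("old-A", ["example.com", "www.example.com"], "2018-08-20"),
    make_cert("new-A", ["example.com"], "2018-10-29"),         # a name was removed
    make_cert("old-B", ["portal.example.com"], "2018-08-20"),
    make_cert("new-B", ["PORTAL.example.com"], "2018-10-29"),  # same set of names
]

def is_renewed(cert, all_certs):
    """Renewed = a newer certificate exists with the exact same set of names."""
    return any(o["names"] == cert["names"] and o["not_before"] > cert["not_before"]
               for o in all_certs)

def expiry_notices(all_certs, now, warn_days=20):
    """Return (label, days_left) for certificates that would get an expiry mail.

    warn_days is an assumed threshold for this example.
    """
    due = []
    for c in all_certs:
        remaining = c["not_after"] - now
        soon = timedelta(0) <= remaining <= timedelta(days=warn_days)
        if soon and not is_renewed(c, all_certs):
            due.append((c["label"], remaining.days))
    return due

if __name__ == "__main__":
    now = datetime(2018, 10, 30, tzinfo=timezone.utc)
    for label, days in expiry_notices(SAMPLE, now):
        print(f"{label}: expires in {days} days, no newer cert with the same names")
```

Here `old-A` still triggers a notice even though `new-A` covers `example.com`, because the name sets differ; `old-B` does not, because `new-B` carries the identical set.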


#3

Thanks much for your time and reply. I may not be well versed but here is the issue:
The certbot certificate shows the domain name in list of renew certification but the URL shows the following. Please note it's not encrypted. Could that be the reason?

image


#4

Certbot says it's renewed: Expiry Date: 2019-01-27 23:50:04+00:00 (VALID: 79 days)

Am I missing something?


#5

If you don’t use the certificate, this is bad. But the mail of Let's Encrypt doesn’t check if you use a certificate.

Perhaps you have created the certificate with “certonly”, so you have to install it manually.

Install the certificate.


#6

How did you get the certificate in the first place? Which installation plugin was used? Or did you manually install the certificate? If the latter is the case, did you directly use the path in /etc/letsencrypt/live/... or did you copy the certificate from that location first to some other location? If you didn’t use an installer plugin, did you reload your webserver, so Apache actually uses the new certificate?


#7

Note that “Connection Not Encrypted” just means the browser is connecting over HTTP - it doesn’t tell you anything about whether the certificate is valid or not - you need to attempt to connect over HTTPS to find that out. Maybe it’s working fine and you just need to set up a redirect?


#8

Thanks much.

Please advise what is “set up a redirect”.


#9

Thanks much.

Actually this was done via someone else who has left the organisation. Now I am looking at trying to renew as I got a mail.

When I tried to renew using certbot certificate then I found it's already renewed.

My concern is Let's Encrypt sending mail saying it's expiring in 19 days while it's renewed as per certbot.


#10

If you have a website visible via http and https, you should add a redirect http -> https.

So users are redirected to the encrypted website.

If you don’t add such a redirect, you may see your http version instead of your - working - https - version.

Redirect http -> https and prefer one version (www or non-www).

But don’t create a loop http -> https -> http.


#11

I got it

Thanks much.

This helps.

As you explained, Note that “Connection Not Encrypted” just means the browser is connecting over HTTP - it doesn’t tell you anything about whether the certificate is valid or not - you need to attempt to connect over HTTPS to find that out. I will look into this.

Thanks for your time.