I manage quite a few servers which use LE certs, and occasionally I need to move things between them. This causes the conundrum of knowing whether an expiration notice is important, since a cert with the same domain could exist in mutliple locations, including a current used cert, and an old cert that isn’t used any more.
I’d like to propose that the initial IP of issuance be included in the expiration notice so that someone can quickly ascertain which server is being discussed.
How does the initial IP address helpful in this matter? You already state that certificates can be moved and/or copied. Perhaps the certificate of the initial server (and thus corresponding IP) is in fact the certificate which isn’t in use.
I think it’s your job to keep record of the certificates and when they expire. The e-mail notifications are just one method of keeping track of the expiry date of certificates, but when you’re running quite a few of servers (probably professionally), I’d suggest you run your own method of certificate management.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.