Message sent by bot gave me a renewal date different from expected

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: zbpropiedades.cl

My web server is (include version): IIS 10

The operating system my web server runs on is (include version): Microsoft Windows Server 2016

My hosting provider, if applicable, is: Hostwinds

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk 18.0.30

I got a message saying: "Your certificate (or certificates) for the names listed below will expire in 10 days (on 18 Dec 20 17:57 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors."

But on my Plesk it says: "SSL is Valid To February 18, 2021. Will be automatically renewed."

I am confused: where does the bot take this date from?

2 Likes

Hi @Corobori,

Take a look at

You do have a certificate expiring that covers www.zbpropiedades.cl, zbpropiedades.cl. This has not been replaced with an identical certificate. Instead, it was replaced with a certificate covering *.zbpropiedades.cl, zbpropiedades.cl (with the wildcard * instead of the www).

While this is potentially an appropriate change, the certificate authority doesn't have a way of checking in its database whether you intended to make this switch or not, and so it sends the warning e-mail. This is mentioned elsewhere in the warning e-mail itself (that it is sent if you didn't renew the exact certificate, even if you intentionally replaced it with a slightly different one, which appears to apply to your case).

4 Likes

In case you happen to wonder why your certificates appear to each be listed twice in the crt.sh link that @schoen provided, it is because the top certificate in each pair is an actual certificate while the bottom certificate in each pair is a precertificate. Here is the same reference with the precertificates filtered out:

3 Likes
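The two replies above describe an exact-name-set renewal check and the precertificate duplicates in the CT listing. The sketch below is an added illustration of that behaviour, not code from the thread or from Let's Encrypt; the record layout, the function names, the 10-day `window` parameter and the sample entries are assumptions constructed for the example.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

def entry(names, not_after, precert):
    return {"names": names, "not_after": not_after, "precert": precert}

# Constructed records shaped like a CT log listing for the thread's domain.
# Expiry dates follow the thread; the wildcard's time of day is made up.
OLD = datetime(2020, 12, 18, 17, 57, tzinfo=UTC)
NEW = datetime(2021, 2, 18, 12, 0, tzinfo=UTC)
PAIR = ["www.zbpropiedades.cl", "zbpropiedades.cl"]
WILD = ["*.zbpropiedades.cl", "zbpropiedades.cl"]
SAMPLE_LOG = [
    entry(PAIR, OLD, precert=False),
    entry(PAIR, OLD, precert=True),   # same issuance, logged as a precertificate
    entry(WILD, NEW, precert=False),
    entry(WILD, NEW, precert=True),
]

def name_set(e):
    """Normalise the name list so order and case do not matter."""
    return frozenset(n.lower() for n in e["names"])

def covers(names, host):
    """True if host matches a name exactly or a wildcard one label up."""
    parent = host.split(".", 1)[1] if "." in host else None
    return host in names or (parent is not None and "*." + parent in names)

def expiry_warnings(entries, now, window=timedelta(days=10)):
    """Expiring certs with no later cert for the identical name set."""
    certs = [e for e in entries if not e["precert"]]  # count each issuance once
    horizon = now + window
    out = []
    for c in certs:
        if not now <= c["not_after"] <= horizon:
            continue  # not inside the reminder window
        if any(name_set(o) == name_set(c) and o["not_after"] > c["not_after"] for o in certs):
            continue  # exact renewal exists, so no reminder
        valid_later = [name_set(o) for o in certs if o["not_after"] > horizon]
        still_served = all(any(covers(s, h) for s in valid_later) for h in name_set(c))
        out.append((sorted(name_set(c)), still_served))
    return out
```

A warning whose second field is `True` is the situation in this thread: the reminder fires because the name set changed, while every hostname on the expiring certificate is still covered by the newer wildcard certificate.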
