I received an e-mail purporting that two names were coming for renewal within 1 day, then within 0 days (i.e. expired).
This is an odd (and new) behaviour as previously there would be a 30 day warning.
In this mail, there were two names listed. But the active cert has 16 names.
My assumption is that the command
has generated certs with a variety of names and numerical suffixes (various testing, errors and multiple submissions lead to such a situation). Each one the spawns its own mailer service.
*1 is this assumption correct?
2* a suggestion
If assumption correct, without getting into complicated management rules, at the very least the mail should indicate the certificate name, chain and path. Thus the server admin can verify against nginx/apache configurations.