Multiple Certifiates for One Domain Result in Emails Been Sent More Often Than Expected


#1

I use server Apache/2.4.10(debian) whith domain mihalikm.sk. Let’s Encrypt Expiry Bot send me regularly meil.

Your certificate (or certificates) for the names listed below will expire in
9 days (on 20 May 17 10:43 +0000). Please make sure to renew
your certificate before then, or visitors to your website will encounter errors.

When I start SSLlabs test my validation is Thu, 20 Jul 2017.

Thanks


#2

Hello @michal869,

You have already issued a few certificates, some only for mihalikm.sk others only for www.mihalikm.sk and others for both.

CRT ID     DOMAIN (CN)      VALID FROM              VALID TO                EXPIRES IN  SANs
125051283  mihalikm.sk      2017-Apr-21 11:42 CEST  2017-Jul-20 11:42 CEST  69 days     mihalikm.sk
                                                                                        www.mihalikm.sk
124747509  www.mihalikm.sk  2017-Apr-20 23:48 CEST  2017-Jul-19 23:48 CEST  69 days     www.mihalikm.sk
94922066   mihalikm.sk      2017-Feb-20 10:28 CET   2017-May-21 11:28 CEST  9 days      mihalikm.sk
                                                                                        www.mihalikm.sk
94607995   www.mihalikm.sk  2017-Feb-19 12:51 CET   2017-May-20 13:51 CEST  8 days      www.mihalikm.sk
94597800   www.mihalikm.sk  2017-Feb-19 12:24 CET   2017-May-20 13:24 CEST  8 days      www.mihalikm.sk
94594012   mihalikm.sk      2017-Feb-19 11:43 CET   2017-May-20 12:43 CEST  8 days      mihalikm.sk
92661918   mihalikm.sk      2017-Feb-15 07:38 CET   2017-May-16 08:38 CEST  4 days      mihalikm.sk
91457371   mihalikm.sk      2017-Feb-13 09:40 CET   2017-May-14 10:40 CEST  2 days      mihalikm.sk
91450249   mihalikm.sk      2017-Feb-13 09:16 CET   2017-May-14 10:16 CEST  2 days      mihalikm.sk

So the mails are for other certificates, not the current one you are using, it will expire on 20th July.

$ echo | openssl s_client -connect mihalikm.sk:443 -servername mihalikm.sk | openssl x509 -dates -noout
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = mihalikm.sk
verify return:1
DONE
notBefore=Apr 21 09:42:00 2017 GMT
notAfter=Jul 20 09:42:00 2017 GMT

So nothing to worry about ;).

Cheers,
sahsanu


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.