Multiple Certificates for one Domain Cause Extra Emails and Confusion


My domain is:
I ran this command: sudo letsencrypt renew
It produced this output:
Processing /etc/letsencrypt/renewal/
Processing /etc/letsencrypt/renewal/
2017-04-30 00:39:28,029:WARNING:letsencrypt.cli:Renewal configuration file /etc/letsencrypt/renewal/ is broken. Skipping.
Processing /etc/letsencrypt/renewal/
2017-04-30 00:39:28,037:WARNING:letsencrypt.cli:Renewal configuration file /etc/letsencrypt/renewal/ is broken. Skipping.
Processing /etc/letsencrypt/renewal/

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/ (skipped)
  /etc/letsencrypt/live/ (skipped)
No renewals were attempted.

Additionally, the following renewal configuration files were invalid:
  /etc/letsencrypt/renewal/ (parsefail)
  /etc/letsencrypt/renewal/ (parsefail)
0 renew failure(s), 2 parse failure(s)

My operating system is (include version): Ubuntu 16.04
My web server is (include version): Apache

apache2ctl -S
*:80 (/etc/apache2/sites-enabled/
*:443 (/etc/apache2/sites-enabled/

Here is my

ServerAdmin DocumentRoot /var/www/
    <Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <IfModule mod_dir.c>
        DirectoryIndex index.php index.cgi index.html index.xhtml index.htm

SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
Include /etc/letsencrypt/options-ssl-apache.conf


I got a email from Expiry Bot saying that the expire date is in 19 days (20 May)
Bot checking from sslshopper, ssllabs and sslchecker says that expires in Jul 22, 2017

What is the real expire date?
I think i duplicated the ssl generation, is it? but how to fix it?
How to remove this ssl config / website duplicates and this mess?

Thanks for all.


hi @rodrigopeixotobr

You current certificates expire July 22

The ones you are getting emails about are probably these

You can review the certificates for your domain here:

Looking at your history you are creating two certificates for the last 2 runs.

You can view the certificates that certbot manages using the command found here:


Various subcommands and flags are available for managing your

certificates List certificates managed by Certbot
delete Clean up all files related to a certificate


Debian GNU/Linux 7.9 (wheezy) failing --dry-run :(

I actually have an issue with one of my certs so had to use this today

certbot certificates

as you can see is incomplete as I wasn’t able to get a certificate issued

I would like to remove it and related folders so I am going to use the certbot delete command

Before Running Delete Command:

Running Command

certbot delete

Post Run:

Ignore the error at the bottom. It’s to do with symlinks pointing at files that aren’t there :frowning:

Another key thing to note: the names are internal certbot names not necessarily the domain names


Certbot - Subdomain Removed From Web Server but Certificate Not Removed From Certbot Management
Certbot Manual - Network Timeouts Result in Weird Behaviour

Thanks for the fast reply :slight_smile:
Now i can understand better the mess.

I got the certbot not found message but i used certbot-auto, is the same thing?

Then i run certbot-auto certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/ produced an unexpected error: error parsing /etc/letsencrypt/renewal/ Skipping.
Renewal configuration file /etc/letsencrypt/renewal/ produced an unexpected error: error parsing /etc/letsencrypt/renewal/ Skipping.

Found the following certs:
  Certificate Name:
    Expiry Date: 2017-07-22 03:19:00+00:00 (VALID: 82 days)
    Certificate Path: /etc/letsencrypt/live/
    Private Key Path: /etc/letsencrypt/live/
  Certificate Name:
    Expiry Date: 2017-07-22 03:19:00+00:00 (VALID: 82 days)
    Certificate Path: /etc/letsencrypt/live/
    Private Key Path: /etc/letsencrypt/live/

The following renewal configuration files were invalid:

And then: certbot-auto delete

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which certificate would you like to delete?


Please, just to confirm and dont let me delete the wrong one.
I need to delete numbers 1, 2 and 3 ?
And what did you did at “Before Running Delete Command:” print ?

Thanks again!


certbot and certbot-auto are essentially the same

Certificate Name:
Certificate Name:

These are the certs in the CRT.SH logs

Looking at your production server you have 6 SAN names which is your cert

BEFORE DELETING - i would suggest you verify this assumption in the webserver

Also as I am not aware of your setup if you have multiple servers you should review their configurations as well



Also please note that deleting a certificate from your own system will not stop Let’s Encrypt from sending you e-mail when it’s going to expire. (If you got several slightly different certificates, with different combinations of names, Let’s Encrypt does not consider the new certificates to be a “renewal” for the old certificates, because we don’t know exactly how you are using your certificates, for example whether they are being used on totally different servers or whether one was meant as a replacement for another.) However, after the old certificates have expired, you will stop getting reminder e-mails about them.


Thanks for the reply.
So i can just ignore the reminders and dont do anything?
I let the old expire and dont run any risk from deleting the wrong one. Right?


Yes, that’s right. You can just let the old cert expire.

It may be a good idea to delete the old cert from your system because certbot renew does not know that it should stop attempting to renew the old one, so you’ll end up renewing both certificates each time if you don’t delete it.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.