I got email that my xxx website certificate will expire in 8 days.
I wonder why? because I look those cert3.pem files and other *.pem files and those
are marked to updated in jul 27.
Does those archive files cert1.pem, cert2.pem and other confuse automatic check??
beause it uses currently cert3.pem (as you can see below)??
I got many other sites from letsencrypt service and those
work ok! But with one difference those websites does no have those
cert1.pem, cert2.pem etc. but only one cert1.pem where they are linked.
Are you sure the email is about THAT certificate? I thought I had the same issue but then I remembered that when I first requested a certificate I had forgotten a specific SAN. I corrected my mistake by requesting a new certificate including that SAN. The new certificate is automatically being updated by a CRON job and that works fine.
I first thought that the email was about the last, updating certificate. On closer inspection however the email is about the first certificate that I indeed do not update as I do not need it.
Like @webbes mentioned frequently there can be confusion around which certificate you are being warned about vs which you have checked for renewal.
Can you share the domain name(s) you received the expiration warning email for? That’s the piece of information I would need to investigate whether you received the warning in error or if there is another explanation.
[Mon Aug 08 22:03:49.434465 2016] [ssl:error] [pid 16438] AH02032: Hostname 178.63.3.78 provided via SNI and hostname eco-toimistotarvikkeet.fi provided via HTTP are different
[Tue Aug 09 13:56:43.980148 2016] [ssl:warn] [pid 9724] AH01909: RSA certificate configured for eco-toimistotarvikkeet.fi:443 does NOT include an ID which matches the server name
[Tue Aug 09 15:06:55.269446 2016] [ssl:error] [pid 30235] [client 64.41.200.106:41306] AH02042: rejecting client initiated renegotiation
[Tue Aug 09 15:10:08.520979 2016] [ssl:error] [pid 30351] [client 64.41.200.106:53900] AH02042: rejecting client initiated renegotiation
If you check your apache config, it will be pointing to use the static.eco-toimistotarvikkeet.fi certificate (one I assume you just created, I haven’t checked ), rather than the correct certificate for eco-toimistotarvikkeet.fi
The confusion may be because it has also been stated that, strictly, you should be using a valid certificate for www.eco-toimistotarvikkeet.fi (even though it is only a redirect ) … and you currently aren’t, you are using the cert for eco-toimistotarvikkeet.fi (which expires on 25 Oct).