Not getting certificate expiration warning emails

I have a domain tinericms.com which has wildcard certificates enabled. The letsencrypt account was created by my predecessor using his email address. Hence i tried to change the registration email of the account a few months back using the following command

sudo certbot register --update-registration --email myemail@domain.com

It gave me a successful response. But now less than 20 days are left and i have not recieved any warning email on my email account and i cannot check with my predecessor because his email id has been disabled. Please can anyone help me.

I have attached the regr.json file. It shows the changed email but not recieving any alerts on it.

Welcome to the Let's Encrypt Community, Amogh :slightly_smiling_face:

It has been my experience that the email on the certificate signing request (CSR) submitted to the certificate authority (CA) (in this case Let's Encrypt) is used for expiration notifications. When you acquire a certificate using certbot, it generates and submits a CSR for you. I believe it uses the email address associated with your ACME account when it does so. Thus, changing the email address for your ACME account will not change the email address associated with your already-acquired certificates. Updating the email address for your ACME account applies retroactively to all certificates the account has ever issued.

You can always find your complete certificate history, including all expiration dates, here:

You can also view your certificate information using:
sudo certbot certificates


Thanks as always for the clarifications, _az. :slightly_smiling_face:

The opposite is true. Updating your email address will apply retroactively to all certificates that the account has ever issued.

I don't know why @amoghh wouldn't have received an expiry notification in this case. The only thing I can think of is that they previously unsubscribed that email address (even if from a different account). If your email provider supports it, try the myemail+1@domain.com trick described on https://letsencrypt.org/docs/expiration-emails/#unsubscribing.

Nothing in regr.json is dangerous to reveal. I think all you can see there are the public n and e RSA parameters. I'll let OP remove it if they choose to.

1 Like

We had not unsubscribed to the alerts. I had checked with the other email account 3 month back it had recieved the notification which is why i actually had proceeded to change the email to a offical mailing list. The old email was 'cagrawal@opendestinations.com' of which is disabled now so i cannot check whether it recieved the latest alert. The email which i changed to is a mail list 'odltineri@opendestinations.com'. Is there no way to check from the backend if a email was sent to either accounts or which is the current email registered in the backend to send the alerts to?

P.S just to be safe i have not put the entire contents of the regr.json just the contact part of it to show the current changed email address

Yes, we can tag the staff, though it'd be better if we had something concrete or multiple reports.

Would you be willing to add a second email address (on a different domain):

sudo certbot register --update-registration --email myemail@domain.com,email2@example.com

and seeing whether you receive the 10 day notice on either or both addresses in one week?

Otherwise you can try tag @lestaff now if you want.

Yes ok i will try to update the email again and add another one with a different domain and check in a week. I'll reply back in a week. Thanks for the help

1 Like