Question about certificate expiration

I was reading the info regarding the issuance of an automatic email by you prior to certificate expiration. Does this mean I can stop certbot from running every 12 hours and simply wait for the email? A related question: I was looking at the logs but can’t tell for sure if running certbot every 12 hours generates any network traffic, or is the expiration simply checked internally? Thanks

1 Like

Hi @hraycrum69,

The e-mail is meant as a kind of fallback warning that automated renewal has not succeeded. If you wait for it, you’re increasing your work and risk somewhat, because the e-mail might not make it through to you, and you’ll have to do something manually in any case. If you want to rely on manual rather than automated renewals for some reason, I would suggest subscribing to, or creating, some other kind of monitoring service as a backup, in case there’s any kind of problem with the reminder from Let’s Encrypt.

For the first few years, it was entirely local. Following a problem earlier this year where some certificates had to be revoked and reissued for policy reasons, the Certbot team went ahead with an earlier plan to have it also check OCSP to see if the certificate has been unexpectedly revoked for some reason. If you actively don’t want this to happen, we could look at finding a way to turn it off, but that’s a very unusual preference among Certbot users and would probably not be added as a feature in the official releases.

3 Likes
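
A backup expiry check of the kind suggested in the reply above, as an added example that is not part of the original posts and not Certbot's own code. The script name `check_cert.sh`, the thresholds, the exit-code convention and the `example.com` path are assumptions for illustration.

```sh
#!/bin/sh
# Added example: backup expiry monitor, independent of Certbot and the reminder e-mail.
# Purely local: it parses the PEM file with openssl and generates no network traffic.
# It does not check revocation (OCSP); it only answers "how close is notAfter?".
#
# Exit codes follow the common monitoring-plugin convention (an assumption):
#   0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN

# check_cert FILE [WARN_DAYS] [CRIT_DAYS]
# The default thresholds (20 and 7 days) are assumptions. Pick WARN_DAYS shorter
# than the point at which your automated renewal normally replaces the
# certificate, so that any alert means renewal has already been failing.
check_cert() {
    file=$1
    warn_days=${2:-20}
    crit_days=${3:-7}

    if [ ! -r "$file" ]; then
        echo "UNKNOWN: cannot read $file"
        return 3
    fi

    # Extract notAfter for the message; this also proves the file parses as X.509.
    if ! end=$(openssl x509 -in "$file" -noout -enddate 2>/dev/null); then
        echo "UNKNOWN: $file is not a parsable certificate"
        return 3
    fi
    end=${end#notAfter=}

    # "-checkend N" exits non-zero when the certificate expires within N seconds
    # (an already expired certificate also fails the check).
    if ! openssl x509 -in "$file" -noout -checkend $((crit_days * 86400)) >/dev/null; then
        echo "CRITICAL: $file expires within $crit_days days ($end)"
        return 2
    fi
    if ! openssl x509 -in "$file" -noout -checkend $((warn_days * 86400)) >/dev/null; then
        echo "WARNING: $file expires within $warn_days days ($end)"
        return 1
    fi
    echo "OK: $file valid until $end"
    return 0
}

# Run as a script from cron or a monitoring agent, for example (placeholder domain):
#   ./check_cert.sh /etc/letsencrypt/live/example.com/cert.pem 20 7
if [ "$#" -gt 0 ]; then
    check_cert "$@"
fi
```

Run it from a scheduler that is separate from the renewal job and that alerts on any non-zero exit, so a broken renewal and a missed e-mail do not fail silently together.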

It is checked internally; no network traffic.
If you unsubscribe from the email by accident, you can’t resubscribe. You might also miss it. I would not rely on that.

EDIT: just saw a post; it now does network traffic.

2 Likes
