Just a very basic question, I renewed the certs on " 2022-03-08" but I received the following email on "2022-03-26"
Your certificate (or certificates) for the names listed below will expire in 11 days (on 05 Apr 22 21:39 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.
Please read the entire expiry email, including all linked documentation pages.
The certificate from the email is probably https://crt.sh/?id=5923909757
Essentially, the warning is because you once had a cert covering multiple names - that is now expiring. You apparently now have separate certs for these names.
The point of this ticket is to show the certs have already been renewed and I shouldn't be receiving any notification, the notification is spammed to multiple teams which trigger a lot of questions...
You know... This isn't a ticket. It's a topic on a discussion forum.
There's a reason you get those emails: if you replace a certificate instead of renewing it, the old one expires, and it's fine, but it expires nonetheless.
Yes but the point of my last comment is I'm looking for constructive comments for the posts, I posted to the HELP topic to gather a further understanding of the process not "hey read your email and I think it's this certificate..."
Does that make sense
@rwat090 Sure, it can be confusing.
A cert is "renewed" if it has the exact same set of domain names as an earlier one. This is described in Let's Encrypt Rate Limits (a bit obscure but ...).
As pointed out in previous comments, your current cert for
mediapublish.auckland.ac.nz has just that name in it. The cert being warned about has 3 domain names in it. So, LE does not consider it "renewed".
You can agree or disagree but that's how it works.
Yes, and we're telling you why you get the emails and under which conditions you can just ignore them.
Of course we can't know if you just don't need a certificate anymore or your automatic renewal is broken. Only you can know that. At most, we can see if you have newer certificates for the same names.
The automatic system doesn't do that. It only compares the entire set of domain names in a certificate. If they're identical, it thinks you renewed, otherwise (add, remove domains? split one certificate in two?) it thinks it's an entirely new certificate.
So, yeah, the emails are for convenience, they're not an end-of-the-world alert.
Only worry about them if you have reason to worry about them.
When someone clicks on "Solution" option I wasn't expecting more people to comment on the orginal request and I have no issues with people commenting on the thread but they do need to provide more detail with their response, a simpler two-liner doesn't explain anything...
It's all explained in the documentation linked in the expiry email.
Please let us know what wasn't clear about that documentation so it might be improved.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.