Received "Let's Encrypt Expiry Bot" email even though I have renewed my certificate

Hey there,

I have renewed my certificates recently and they seem to have been updated. I checked in the expiry date in safari and used https://www.sslchecker.com/sslchecker to ensure that the expiry date is not on the 2nd of July, however I still received an email saying:

"Hello,

Your certificate (or certificates) for the names listed below will expire in
9 days (on 02 Jul 17 10:49 +0000). Please make sure to renew
your certificate before then, or visitors to your website will encounter errors.

www.tail.at"

My domain is:

I ran this command:
certbot-auto renew

It produced this output:
Congratulations, “all renewals succeeded”. I ran the command again and got:
"-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.tail.at.conf

Cert not yet due for renewal"

My web server is:
Amazon Linux AMI

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

Hi @Harley,

This expiration message was for this certificate, issued Apr 3 10:49:00 2017 GMT with serial # 03:c0:45:99:3c:53:7c:c0:7d:69:8b:81:9f:3f:39:0e:93:cd. It only has the domain "www.tail.at" included.

The certificate you've been renewing (Most recent instance here) has both "www.tail.at" and "tail.at" included in it.

Our expiration mail documentation explains why this happens:

We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it. If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate. If you check the certificate currently running on your website, and it shows the correct date, no further action is needed.

In this case the certificate being warned about doesn't have the exact same set of names as the newer certificates, so we warn that its close to expiring. In this case since you already have an unexpired certificate that covers that name & one more you can safely ignore the warning.

Hope that helps!

ah, ok that makes sense! Much appreciated. I will disregard that email.

H

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.