Receiving expiration notice e-mail with wrong date

Please fill out the fields below so we can help you better.

My domain is: www.mol.pl

I ran this command:
/root/certbot/certbot-auto renew

It produced this output:

The following certs are not due for renewal yet:
/etc/letsencrypt/live/mol.pl/fullchain.pem (skipped)
No renewals were attempted.
Cert not yet due for renewal

My web server is (include version): Apache 2/Centos

I also check my certificate date server side like so:

certfile=/etc/letsencrypt/live/mol.pl/fullchain.pem
validUntilDate=`date --date="$(openssl x509 -in $certfile -noout -enddate | cut -d= -f 2)" --iso-8601`

That gives me date 2017-08-22 which is consistent with what my browser (Firefox) says for the website certificate.

Yet I received an e-mail saying:

Hello,

Your certificate (or certificates) for the names listed below will expire in
19 days (on 23 Jul 17 09:40 +0000). Please make sure to renew
your certificate before then, or visitors to your website will encounter errors.

i18n.mol.pl
mol.pl
molik.eu
patron.pl
www.mol.pl
www.molik.eu
www.patron.pl

The email system considers a certificate “renewed” if there is a new certificate containing the exact same set of names.

This is the certificate that’s expiring: https://crt.sh/?id=127529298
Here’s your current certificate: https://crt.sh/?id=143472720

Your current certificate adds one new name (next.mol.pl), so the email system considers it different, and doesn’t count it as a “renewal”. You and i know that the new certificate replaced the old one, but it doesn’t understand that.

So, you don’t have to do anything. :slight_smile: (Unless you have the older certificate installed on a different computer or something.) You can ignore the warning emails about that certificate.

Oh. So that’s the problem. Would be nice if it cloud notice that more recent certificate overlaps the previous one. Shouldn’t be that hard to check DNS list.

Or maybe there is a way to invalidate old certificate manually so that next time the bot don’t send those scary messages ;-)?

It is intentional, but people seem to have a huge amount of trouble with this:

https://community.letsencrypt.org/search?q=reminder%20exact

Did you happen to notice the phrasing about this in the reminder e-mail itself? Did you find it confusing? Or just not particularly noticeable?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.