Receiving expiration notice emails for certificates due in more than 2 months

Hi...

I keep receiving emails telling me my certificates will expire on Dec 17th, but according to ssllabs.com's test, they will expire on 25th Feb next year.

What's wrong?

Thanks in advance.

app.tools4business.com.br
asset1.tools4u.com.br

Have you read the expiry e-mail documentation on https://letsencrypt.org/docs/expiration-emails/ ?

That URL should also have been in the expiry e-mail somewhere which you've received.

If you have any questions after reading the above documentation, please feel free to do so. :slight_smile:

Hi..

Thanks for the reply.

"If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate."

The only sub domain that matters to me are:
app.tools4business.com.br,
asset1.tools4u.com.br and
img.tools4business.com.br

All of them expires in Feb next year.

If I'm receiving this kind of email, that means there is another relative name (which I'm not aware)

Anyway, am I correct to ignore this email if all subdomains that matters to me expires in far future, correct?

"If you check the certificate currently running on your website, and it shows the correct date, no further action is needed."

Thank you very much.

You can view all Let's Encrypt issued certificates on the site crt.sh and search for your domain name:

As you can see from the crt.sh link above for your domain, those three hostnames are accounted for, multiple times by the way.

It's probably this certificate: https://crt.sh/?id=3394875852, issued on Sep 18 and will expire on Dec 17, containing app.tools4business.com.br and asset1.tools4u.com.br.

I guess you should also have gotten an e-mail for https://crt.sh/?id=3394841569 from the same date, containing tools4business.com.br and www.tools4business.com.br, as the only renewal for that cert was a cert from Certigo and not Let's Encrypt.

Yes.

That said, I would like to urge you to take a close look at your ACME client to find out why it has issued so many duplicate and unused certificates on 2020-11-27:

Three identical and unused certificates just for app.tools4business.com.br:

Two identical and unused certificates for asset1.tools4business.com.br:

Three identical and unused certificates for img.tools4business.com.br:

Three identical and unused certificates for asset1.tools4u.com.br:

I guess eventually you put all the relevant hostnames into a single certificate currently in use which by the way also has a duplicate certificate from the same date..

May I remind you that for testing of your ACME client you're supposed to use the staging environment? You're pretty much wasting precious Let's Encrypt resources by issuing so many duplicate certificates! which aren't even used for those hostnames for HTTPS! The certs may be free for you, but every single certificate costs Let's Encrypt a bit of money due to operating costs of their systems, which obviously increase with increasing load on those systems.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.