My domain is:actic.aprenonline.eu
My command and output follow
Apache 2.4 on Ubuntu 20.04
The version of my client is 0.40.0
Even though, as you can see in the output above, the certbot says the certificate is not due for renewal, I continue reveiving mails saying, by now, that certification will expire in 9 days!
Who's wrong? The certbot, or the mails?
Any help will be greatly appreciated.
Carles
Likely neither.
You should read the email closer.
For instance, the cert: crt.sh | 7204690705
Only covers the name:
X509v3 Subject Alternative Name:
DNS:actic.aprenonline.eu
All subsequent certs that include that name also include more names:
crt.sh | 7484043016
covers:
X509v3 Subject Alternative Name:
DNS:actic.aprenonline.eu
DNS:app.aprenonline.eu
DNS:borsa.aprenonline.eu
crt.sh | 7484071463
covers:
X509v3 Subject Alternative Name:
DNS:actic.aprenonline.eu
DNS:app.aprenonline.eu
DNS:borsa.aprenonline.eu
DNS:concurs.aprenonline.eu
crt.sh | 7484123712
covers:
X509v3 Subject Alternative Name:
DNS:actic.aprenonline.eu
DNS:app.aprenonline.eu
DNS:borsa.aprenonline.eu
DNS:concurs.aprenonline.eu
So, you see that there was no cert that renewed that exact same set of names.
The "good news" is that the emails stop once the certs expire.
That said, be prepared to receive emails about the following cert in the coming months:
crt.sh | 7484043016
Which is a unique set of names [that you will not likely renew].
Please show the output of:
certbot certificates
This. And the linked documentation within the email.
Thanks for your answe, Osiris.
The output you asked for is
Honestly, I do not understand why do I have to have so many certificates. If the first covers my four domains, why for the others?
Usually this is due to users trying Certbot out, starting with a single domain, not knowing it's possible to add multiple hostnames to a single certificate. When they find out and get a multi-SAN certificate, they're not aware of the certbot certificates command, not aware of the multiple certificates known to Certbot and Certbot just keeps renewing all certificates, as Certbot cannot know the actual use of the certs.
Also, your Certbot version is ancient. It's very possible more recent versions of Certbot had better detection of redundant certificates. Certbot currently would ask you if you'd like to expand an already existing certificate.
Looks like you have indeed 2 redundant certificates. You can delete those two superfluous ones, but you need to check if no service is using them first before deleting them.
Osiris,
I feel very sorry, but unfortunately I do not have the knowledge to follow your hints. Please, could you be more specific?. I understand that I certainly need help, since I know almost nothing about certs. All I have done, was done quite back. I just know the two basic commands of certbot!. Please, can you help me? Can you tell me what commands do I need to do the things you mentioned?
I would be infinitely grateful!
Carles
Missatge de Osiris via Let's Encrypt Community Support <notifications@letsencrypt.discoursemail.com> del dia ds., 15 d’oct. 2022 a les 13:17:
You can learn more about deleting certs from Certbot at User Guide — Certbot 1.31.0 documentation. Please do read the part about safely deleting certificates carefully.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
