Hello. I received an email saying my subdomains (I have a dozen of them) are about to expire and I’m not sure how to renew the certificates.
I use letsencrypt through the docker image, which makes the process very simple.
You have several certificates that expire throughout September, but the most recent one expires on September 29. Let's Encrypt would not have sent you an email about it yet.
If your certificate is already renewed, we won’t send an expiry notice. We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it. If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate. If you check the certificate currently running on your website, and it shows the correct date, no further action is needed.
However, many ACME client configurations will renew a certificate about 30 days before it expires. If your setup works the same way, your latest certificate should have been renewed a few days ago, and it hasn't been. Either it's waiting a bit longer, or else there actually is a problem.
Do you know how your client is configured to renew certificates?
What do its logs show?
Edit: Your most recent certificate includes 12 different subdomains. Not just the 7 mentioned in your post.
I’m not certain there is a problem. I just received the email saying my certificates are about to expire. So I’m trying to understand the situation since I’m kind of new to this.
Not sure about the clients, since I didnt configure anything beyond the docker container.
Do you know where can I find the logs?
And yes, 12 subdomains.
I really appreciate your help!
Edit:
This was one of the email subjects. I received more than one email, because I’ve created the subdomains in different moments:
The staging environment issues testing certificates that aren’t trusted by browsers. It’s intended for testing new Let’s Encrypt features, developing ACME clients, testing deployments, and that kind of thing. (It has higher rate limits than the production environment.)
To mimic the production environment, it also sends expiration warning emails, based on the separate staging certificate database.
You must’ve done some sort of testing using staging, but unless you’re intentionally maintaining and renewing staging certificates for some reason, you can ignore expiration warning emails from the staging environment.
Still… if your production certificate doesn’t renew, you’ll get a real warning email in about a week. (If your production account has an email address.)
So, it happened.
I think all my subdomains expired and I can’t access them…
My docker-compose for letsencrypt is pretty simple and beyond the required arguments, I only have this:
- VALIDATION=http
- DHLEVEL=2048
- ONLY_SUBDOMAINS=true
- STAGING=false
I dont know what to do to renew the certificates/subdomains.