I just received a renewal reminder email saying I have 20 days left for the renewal on Mar 27th but the certificates in question were all renewed automatically on Feb 22nd and will expire May 22nd.
The thing that’s strange is that automatic renewal did not work until last month and I was very surprised to see it work in February. But now that it did (and I can see the correct dates in certificates at the affected domains) I wonder why this renewal email too soon.
Apparently the expiry bot does not have correct data/renewal information for these certificates.
If your certificate is already renewed, we won’t send an expiry notice. We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it. If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate. If you check the certificate currently running on your website, and it shows the correct date, no further action is needed
This is the usual explanation when users encounter "wrong" renewal dates in reminder emails. It confuses users because the expiry reminder system doesn't know whether you are still planning on using the certificate with the previous FQDN set or not.
If you can share your domain, we can tell you whether the explanation applies.
Thank you. I’d rather not share the domain names. There isn’t an utility where I could check the Lets Encrypt certificate history for a domain, is there?