Your certificate (or certificates) for the names listed below will expire in 7 days (on 2023-06-09). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.
We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See Integration Guide - Let's Encrypt for details.
But they are set to auto-renew. Is this just spam to torment sysadmins?
And, had you posted in Help topic you would have been show form below. If you want help debugging your renewal problem please complete as best you can
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Then what legitimate purpose do they serve? “Warning: pay attention to this thing you already configured to not have to pay attention to” seems designed to torment those of us who have actual things to pay attention to.
It seems you haven't read the entire documentation yet, so I'll try to coach you a little bit in the right direction: if you get an expiry email, there is MORE happening than ONLY auto-renewing existing certificates.
The expiry reminders are sometimes controversial because they can have false positives when sysadmins split or merge certificates, or reissue them adding or removing names. (The expiry reminders don't treat this as a "renewal" because they don't know whether the particular changes made are or are not a comprehensive replacement for the original certificate.)
Still, I think that the huge majority of these reminders are true positives, caused by people not setting up autorenewals, or caused by the autorenewals failing somehow (often due to changed DNS records or something).
The certificate-reorganization potential false positive case is mentioned in the documentation and it would be nice if the reminder e-mails could get a little cleverer about this, but there isn't a clear way to eliminate false positives here without also increasing false negatives.
Sure, there are false positives. But OP doesn't seem to have given any thought whatsoever to the possibility that the auto-renewal he thinks he configured isn't working, or done anything to confirm that the cert in question has in fact renewed or been replaced by another that covers the FQDN in question.
Now, of course, it's possible that's been done--but OP hasn't said anything to suggest it's the case.