I'm seeing a 10 day renewal for a domain that got its certificate reissued on 4 May, and certbot agrees. Loss of state on the back end? Should I force a renew to clean this up?
1 Like
The renewal email you got explains this:
"You might get this email if you added or removed names", something like that is written in the email.
That's exactly what happened here:
You have an old certificate, valid until May 24 12:29:39 2021 GMT, that is valid only for ofcourseimright.com
Now you have a new certificate, issued on May 4, that is valid for both ofcourseimright.com and www.ofcourseimright.com -> The certificate was expanded.
Let's Encrypts expiry bot logic cannot link renewals, if domains were added or removed. Therefore such expiration emails are expected, they will cease once the old one has expired.
2 Likes
It might be that you created multiple certs back on March 4th, and are only able to renewed one of them.
In any case, the email should say something like "you can ignore this if you've already renewed your cert".
1 Like
Thanks for the explanation. Sorry I missed it the first time around. Hey where can one get a nice table view like that?
2 Likes
https://crt.sh/
https://crt.sh/?Identity=www.ofcourseimright.com&deduplicate=Y
3 Likes
All certificates (from all public certificate authorities) are publicly logged in Certificate Transparency Logs. The actual logs themselves, though, are much more focused on cryptographically-verifying that everything submitted has been logged and can't be easily queried directly. So there are several services out there that pull all the data from the various transparency logs and let you see what certificates have been issued for a domain, such as these:
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.