Renewing certificate

manbo · November 3, 2023, 7:01am

i use caddy + docker to run bitwarden server, and i got an email that my cert is going to expire after a week.

i ran the command:
docker compose logs | grep cert
and found this logs (latest):

caddy  | {"level":"info","ts":1696974935.7915778,"logger":"tls.renew","msg":"certificate renewed successfully","identifier":"manbo.duckdns.org"}
caddy  | {"level":"info","ts":1696974935.7916987,"logger":"tls","msg":"reloading managed certificate","identifiers":["manbo.duckdns.org"]}
caddy  | {"level":"info","ts":1696974936.207887,"logger":"tls.cache","msg":"replaced certificate in cache","subjects":["manbo.duckdns.org"],"new_expiration":1704758400}

it was the last message that contains cert keyward, and when i change those timestamps , it tells me that cert got renewed till (1704758400) Tuesday, January 9, 2024 9:00:00 AM (in my timezone).

And this renewal was done in Oct 10th but mail was sent yesterday saying cert is going to expire soon.
Should i do something manually to re-renew a cert? or was the email just sent wrong?

(sorry for my bad english, im not a native english speaker)

rg305 · November 3, 2023, 7:09am

Hi @manbo, and welcome to the LE community forum

There is no need to apologize for not being a native English speaker.
Anyway...
The reason you got that email is that even though you renewed the cert for that domain name, it wasn't obtained from LE:
SSL Server Test: manbo.duckdns.org (Powered by Qualys SSL Labs)

It was renewed from ZeroSSL.
LE knows nothing about that renewal.

You can ignore any such LE emails prior to 2023-11-09.
[if you receive any emails after that are not related to this issue]

manbo · November 3, 2023, 7:13am

ohhh
i really dont know how caddy (or maybe something else) renews certificate, but at least if it's updated well in any way, it doesn't have to be a big deal, right?
(by the way can i ask way does it changed to zerossl not LE? i havent changed any settings)

thanks for your kind and fast response

rg305 · November 3, 2023, 7:17am

Most likely someone changed the ACME client being used.
acme.sh uses ZeroSSL as the default.
Something/Someone may have installed that client recently.

manbo · November 3, 2023, 7:20am

cant really understand what that means haha xd (i just followed random tutorials to build this, im just new to this)
I'll just be satisfied that the certificate has been renewed well

thanks for your support!

rg305 · November 3, 2023, 7:21am

You're welcome!

It is valid until 2024-01-08
See: SSL Server Test: manbo.duckdns.org (Powered by Qualys SSL Labs)

Cheers from Miami

Osiris · November 3, 2023, 9:19am

It might also have been a temporary issue with Let's Encrypt. Caddy happily switches over to the next configured CA as mentioned at Automatic HTTPS — Caddy Documentation.

manbo · November 3, 2023, 2:15pm

hey! kinda late but thanks for your answer!

system · December 3, 2023, 2:15pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Server down and certificate almost out of date Help	3	391	December 31, 2022
Certificate not due to renewal yet Help	6	1321	August 18, 2020
Certbot renew returns 404 Help	9	7166	September 22, 2020
Error renewing cert, certbot status 400 Help	4	2877	March 14, 2019
How do I get * to certify Help	10	629	February 8, 2023

Renewing certificate

Related Topics