Should I consider Let's Encrypt's email?

I received an email telling me that my certificate will expire in 2 days. However, in my browser I can see that it is still good until April! Who should I believe?

Thanks in advance!

My domain is: https://www.decoferforge.com

[Screenshot 2022-02-18 at 10.03.56]

3 Likes

Believe your browser.

You probably issued a certificate for a different set of domain names and Let's Encrypt sees that as a new certificate and not a renewal of the old one.

4 Likes

You might want to check https://ssl-config.mozilla.org, though

https://www.ssllabs.com/ssltest/analyze.html?d=www.decoferforge.com

3 Likes

Yes. And you can see cert history here

The email should show the domain names it warns about

4 Likes

Yep, the apex domain will not be covered anymore in 38 hours. @remif do you need a certificate for your apex domain or is www. enough?

https://tools.letsdebug.net/cert-search?m=domain&q=www.decoferforge.com&d=2160

3 Likes
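The replies above explain the warning: the newer certificate has a different set of names, so the older one is not treated as renewed, and the apex loses coverage when it expires. The following sketch of that logic is an added example, not code from any poster or from Let's Encrypt; the older certificate's dates, the 7-day window and all function names are assumptions.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Constructed history: the names come from the thread; the old certificate's
# dates are assumptions chosen to match "expires in 2 days".
HISTORY = [
    {"id": "old", "names": {"decoferforge.com", "www.decoferforge.com", "admin.decoferforge.com"},
     "not_before": datetime(2021, 11, 22, tzinfo=UTC), "not_after": datetime(2022, 2, 20, tzinfo=UTC)},
    {"id": "current", "names": {"www.decoferforge.com", "admin.decoferforge.com"},
     "not_before": datetime(2022, 1, 24, tzinfo=UTC), "not_after": datetime(2022, 4, 24, tzinfo=UTC)},
]

def covers(san, host):
    """True if a SAN entry matches host; a wildcard matches exactly one label."""
    san, host = san.lower(), host.lower()
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return san == host

def is_renewed(cert, history):
    """A later certificate counts as a renewal only if its name set is identical."""
    return any(c["not_before"] > cert["not_before"] and c["names"] == cert["names"]
               for c in history)

def expiry_warnings(history, now, window=timedelta(days=7)):  # window is illustrative
    """Certificates expiring within the window that have no exact-name renewal."""
    return [c for c in history
            if now <= c["not_after"] <= now + window and not is_renewed(c, history)]

def names_losing_coverage(cert, history):
    """Names on `cert` that no other certificate still covers once it expires."""
    survivors = [c for c in history
                 if c is not cert and c["not_before"] <= cert["not_after"] < c["not_after"]]
    return sorted(n for n in cert["names"]
                  if not any(covers(s, n) for c in survivors for s in c["names"]))

if __name__ == "__main__":
    now = datetime(2022, 2, 18, 10, 0, tzinfo=UTC)
    for cert in expiry_warnings(HISTORY, now):
        print(cert["id"], "expires", cert["not_after"].date(),
              "- names left uncovered:", names_losing_coverage(cert, HISTORY))
```

A name that appears in the warning but not in the uncovered list is still served by the newer certificate; only the uncovered names need a decision before the expiry date.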

The apex domain is no longer used. But I'm scared because in the mail I have all the domains concerned: :slight_smile:
admin.decoferforge.com
decoferforge.com
www.decoferforge.com

1 Like

You have (and are using) a certificate for both others.

But you still need a certificate for the apex if you want to redirect it to www.

3 Likes

@9peppe has described the issue but here are more details to help you.

Your server is currently sending a cert with just your admin and www subdomains. Your server responds correctly to both domains. This cert was created on Jan24. See your current cert with SSL Checker

But, requests to your apex name do not behave well.
Requests to http://decoferforge.com redirect to https://www.decoferforge.com. That is good.

Requests to https://decoferforge.com fail with this:

curl -I https://decoferforge.com
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to decoferforge.com:443

If you want these to redirect, your cert needs to include the apex name and your server must have a port 443 listener to redirect the https apex request to https www.

4 Likes

Actually, it could be better: if you use HSTS you want to redirect to https on the same FQDN, then redirect FQDNs.

4 Likes

Yes, they might want to consider HSTS once they get their fundamental cert and https connections reliable. It is an advanced topic and requires some care and understanding.

4 Likes

Yes, it's a big if.

5 Likes

First question is: will my https://www.decoferforge.com work in two days?

If yes, I will take my time to be sure to understand before trying to fix this situation!

Thanks

2 Likes

Yes, your server is using a cert that expires on Apr24. See here. It is valid for your www and admin subdomains only.

4 Likes

Welcome to the Let's Encrypt Community, Remi :slightly_smiling_face:

4 Likes

If you intend on accepting https://decoferforge.com/ [even if only to redirect it to the "www"], you will need to use a valid certificate at that server.

Name:    decoferforge.com
Address: 213.186.33.5

Name:    www.decoferforge.com
Address: 51.75.23.75

NOTE: It is a different IP [and likely on a completely different server]

4 Likes

Good catch @rg305. In fact, http requests to decoferforge.com get a response from an nginx server and http to www.decoferforge.com gets a response from Apache.

Sometimes we see this if they use URL redirect at the domain registrar (rather than a DNS A or CNAME record).

3 Likes

If they have DNS zone control, they may be able to update the apex record to match the "www" IP.
But I have no idea what else might be using that name/IP, so, I don't recommend doing that (just yet).

2 Likes
