Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: in.b.shield.monitoringservice.co
ran this command:
No command was run. Last time it renewed on 20 April; now it shows us a 17 June issue date. We did not do anything. How is it possible that it updated?
It produced this output:
My web server is (include version):
HAProxy
The operating system my web server runs on is (include version):
Ubuntu 16.4 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Certbot 0.26.1
I can understand 2019-04-18 2019-07-17 start and end time
Let’s Encrypt Authority X3|2019-04-18|2019-07-17|in.b.shield.monitoringservice.co|
"How did this happen? We did not do anything on 17-06-2019. How can this cert be updated if we still have
2109-04-18 to 2019-07-17 CN=in.b.shield.monitoringservice.co
17.06.2019
15.09.2019."
It is running autorenewal checks from systemd based on the Certbot package setting this up.
This is intended behavior because most people’s experience with Certbot will be much better if it automatically renews certificates for them. Your system was set up to do this automatically when you first installed Certbot, using the systemd timer mechanism instead of cron.
@schoen
Thanks for taking the time to sort out my issue. I have a few questions:
1- Can we renew the cert at any time?
2- If we have 25 days left, can we renew the cert?
3- Do we need to enable this certbot.timer certbot.service, as we don't renew certs automatically?
You can renew the certificate at any time. It doesn’t matter how close it is to being expired or not. The only restriction is that you can’t renew the certificate more than five times in a single week.
Certbot will only renew certificates with certbot renew if they are less than 30 days from expiry. However, you can override this behavior by running with certbot renew --force-renew.
If you don’t want Certbot to autorenew certificates at all, you can set autorenew = False in the renewal configurations in /etc/letsencrypt/renewal, or request the certificates with the --no-autorenew option, or disable the systemd timer. (My recollection is that the first two options will cause certbot renew to ignore the certificate completely, which means you would also not be able to renew the certificates in question with certbot renew.)
Guys, I need a few points to avoid auto or regenerated certs:
1- If certs renew before time (mistakenly or due to system auto options), we need an email.
2- Can I bind cert generation to my approval or authentication, so nobody can renew a cert without my permission (any key, pass, etc.)?
3- Can we get mail if a cert is going to expire in 30 days?
Well, look at it this way. In order for somebody to issue certificates without your authorization, practically speaking, they have to hack into your server or DNS host so they can perform the Let's Encrypt validation process.
The more locked-down your hosting and domain registration is, the better protected you are against unauthorized certificate issuance.
If you nominated an email address when Certbot prompted you for one, then yes, you will receive multiple warning emails as your certificate approaches expiration.
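An added example, not part of the thread and not written by any of its posters: a check over certificate records in the `issuer|start|end|name|` layout quoted above that separates renewals inside the 30-day window described in the replies from issuance outside it. The function names, the second record's issuer and the whole third record are assumptions made for illustration.

```python
from datetime import date, timedelta

# Threshold stated in the thread: certbot renew acts within 30 days of expiry.
RENEW_WINDOW = timedelta(days=30)

# Line 1 is the record quoted in the thread. Line 2 reuses the thread's
# 17.06.2019 / 15.09.2019 dates (issuer assumed). Line 3 is constructed.
SAMPLE = """\
Let's Encrypt Authority X3|2019-04-18|2019-07-17|in.b.shield.monitoringservice.co|
Let's Encrypt Authority X3|2019-06-17|2019-09-15|in.b.shield.monitoringservice.co|
Let's Encrypt Authority X3|2019-06-25|2019-09-23|in.b.shield.monitoringservice.co|
"""

def parse_records(text):
    """Parse issuer|not_before|not_after|name| lines, skipping malformed ones."""
    records = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) < 4 or not fields[3]:
            continue
        try:
            start, end = date.fromisoformat(fields[1]), date.fromisoformat(fields[2])
        except ValueError:
            continue
        records.append({"issuer": fields[0], "not_before": start,
                        "not_after": end, "name": fields[3]})
    return records

def classify_issuances(records, window=RENEW_WINDOW):
    """Compare each certificate with the previous one issued for the same name."""
    by_name = {}
    for rec in sorted(records, key=lambda r: r["not_before"]):
        by_name.setdefault(rec["name"], []).append(rec)
    findings = []
    for name, certs in by_name.items():
        for prev, cur in zip(certs, certs[1:]):
            remaining = (prev["not_after"] - cur["not_before"]).days
            if remaining < 0:
                verdict = "issued-after-expiry"
            elif remaining <= window.days:  # dates carry no time of day
                verdict = "expected-renewal"
            else:
                verdict = "early-reissue"   # outside the window: review who ran it
            findings.append((name, cur["not_before"].isoformat(), remaining, verdict))
    return findings

if __name__ == "__main__":
    for finding in classify_issuances(parse_records(SAMPLE)):
        print(*finding)
```

The 17 June certificate was issued with 30 days left on the previous one, which matches the automatic renewal window; only the constructed 25 June record is flagged for review.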