SSL certificate expire date

kaslan · October 7, 2019, 7:22am

Hello ;
I receive a warning email from letsencrypt that my certificates will expire. (on 16 Oct 19 11:21 +0000) But I check with “certbot-auto certificate” command and some web site ( like https://www.whynopadlock.com ) my certificates expire date like ( Expiry Date: 2019-12-10 12:23:13+00:00 (VALID: 64 days) ) I want to renew with “certbot-auto renew” command I get the following information ;
(The following certs are not due for renewal yet:
/etc/letsencrypt/live/webhost.sakarya.edu.tr/fullchain.pem expires on 2019-12-10 (skipped)
No renewals were attempted.)
must I do something about my certificate expire date before on 16 Oct 19 ?
Thanks.

My domain is: webhost.sakarya.edu.tr

I ran this command: certbot-auto renew

It produced this output: (The following certs are not due for renewal yet:
/etc/letsencrypt/live/webhost.sakarya.edu.tr/fullchain.pem expires on 2019-12-10 (skipped)
No renewals were attempted.)

My web server is (include version): apache

The operating system my web server runs on is (include version): centos 6.8

_az · October 7, 2019, 7:38am

From Expiration Emails - Let's Encrypt :

If your certificate is already renewed, we won’t send an expiry notice. We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it. If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate. If you check the certificate currently running on your website, and it shows the correct date, no further action is needed.

You added and removed a number of domains on your most recent certificate, which causes Let's Encrypt's expiry reminder system to count them separately.

You can safely ignore the reminder email if you are no longer using the older certificate.

JuergenAuer · October 7, 2019, 7:51am

Hi @kaslan

checking your domain there are 5 certificates:

1 - 2019-07-11 - 47 domain names
2 - 2019-07-18 - 49 domain names
3 - 2019-08-07 - 51 domain names
4 - 2019-09-11 - 53 domain names
5 - 2019-09-11 - 55 domain names

So you have changed the set of domain names -> so you don't need the older certificate.

kaslan · October 7, 2019, 7:54am

I add first certificate with "./certbot-auto –apache -d webhost.sakarya.edu.tr " commad and I want to add new domain I use " ./certbot-auto --expand -d webhost.sakarya.edu.tr -d example1.sakarya.edu.tr -d example2.sakarya.edu.tr " command . is there any mistake in this usage for letsencrypt ?

_az · October 7, 2019, 7:58am

Your command is correct.

The issue with the expiry emails is that they are too "dumb" to understand that you added new domains to your certificate.

You can disregard the email in this case, as you are using a newer certificate.

system · November 6, 2019, 7:58am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate expiration notice emails are somewhat vague Issuance Tech	2	2263	April 22, 2016
Email expiration notices, however Server	2	660	September 29, 2018
Cert renewed, but date wrong	16	9642	June 11, 2016
Got email notitifcations about upcoming expiration but certbot-auto states 'not yet due for renewal' Help	5	791	May 8, 2020
Confusion over SSL cert expiry date Help	22	144	February 24, 2025

SSL certificate expire date

Related topics