[Test Message] Let's Encrypt staging environment certificate expiry

Please fill out the fields below so we can help you better.

My domain is: will provide if relevant

I ran this command: n/a

It produced this output: receiving staging emails

My operating system is (include version): ubuntu 14.04LTS

My web server is (include version): nginx/1.4.6

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hello, I wondered if anyone could help. I am receiving several emails regarding a “staging environment” certificate expiry. An example is (redacting anything specific). Can anyone shed light on this? The actual certs being referenced in the emails are not about to expire (on an automated renewal script, double checked to be sure etc). Thanks for any insight.

Hello,

[ Note: This message is from the Let's Encrypt staging environment. It likely is not relevant to any live web site. ]

You issued a testing cert (not a live one) from Let's Encrypt staging environment. This mail takes the place of what would normally be a renewal reminder, but instead is demonstrating delivery of renewal notices. Have a nice day!

Details:
DNS Names: [redacted]
[redacted]
[redacted]
Expiration Date: 12 Oct 16 13:29 +0000)
Days to Expiration: 1

For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can't provide support by email.
If you are receiving this email in error, unsubscribe at http://mandrillapp.com/track/unsub.php?[redacted] (HTTP link, we know. We're working on it!)

Regards,
The Let's Encrypt Team

Hi @da-n,

I can try to look into these messages for you further if you provide the redacted DNS Names.

Thanks!

@da-n, you can of course contact @cpu if you want an authoritative answer. I just wanted to suggest that if anyone else helped to get your certificate environment set up, and ran a test with --staging, you would get these reminders even though the test certificate perhaps didn’t get installed or retained anywhere.

1 Like

da-n,

Did you ever get an answer to your question? I am receiving the same message. Maybe I did run a test with the “–staging” argument, but I don’t remember at this point. I ran openssl against my current “cert.pem” and it says it is valid:

Validity
Not Before: Oct 5 12:25:00 2016 GMT
Not After : Jan 3 12:25:00 2017 GMT

I would just like to know what I need to do to stop receiving these “[Test Message]” e-mails and still maintain what I think is a valid certificate.

Thanks

Hi @boards188,

I didn’t receive a domain name from @da-n to investigate further.

@boards188, Can you share the domain names you are receiving a staging expiration email for? I’m not aware of any bug that would produce these messages and suspect it was likely a true --staging issuance that might have been forgotten about.

Thanks!

@cpu,

I am pretty sure it’s not a bug in the software. I found the following entries under “/etc/letsencrypt/accounts/”

drwx------ 3 root root 4096 Jul 27 08:13 acme-staging.api.letsencrypt.org
drwx------ 3 root root 4096 May 2 08:56 acme-v01.api.letsencrypt.org

So, I suspect that I ran the “–staging” argument at the beginning. So, I think the question is, how do I get rid of “acme-staging.api.letsencrypt.org”?

I am somewhat reluctant to publish the host/domain because it is just for my personal use. But, it is boards.dnsalias.net.

Thanks

Aha - that does explain it.

Are you using Certbot? I'm not sure what the best method for cleaning up an active staging entry with Certbot is, but perhaps @bmw, @schoen, or another community forum member would know.

If you just want to clean up the files in /etc/letsencrypt after issuing from staging, you should be able to simply delete /etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org. In almost all cases, this should be fine, however, it depends on what you’ve done with Certbot in the past. To verify that this is safe to do, run this command:

sudo grep -r $(sudo ls /etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory) /etc/letsencrypt/renewal/

If it produces no output, deleting /etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org is safe and won’t cause any errors in the future.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.