So I got this email from Let's Encrypt Expiry Bot:
Hello,
Your certificate (or certificates) for the names listed below will expire in 6 days (on 2024-08-05). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.
We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See Integration Guide - Let's Encrypt for details.
For details about when we send these emails, please visit: Expiration Emails - Let's Encrypt In particular, note that this reminder email is still sent if you've obtained a slightly different certificate by adding or removing names. If you've replaced this certificate with a newer one that covers more or fewer names than the list above, you may be able to ignore this message.
For any questions or support, please visit: https://community.letsencrypt.org/ Unfortunately, we can't provide support by email.
To learn more about the latest technical and organizational updates from Let's Encrypt, sign up for our newsletter: Newsletter Signup - Let's Encrypt
If you are receiving this email in error, unsubscribe at:
...
Please note that this would also unsubscribe you from other Let's Encrypt service notices, including expiration reminders for any other certificates.Regards,
The Let's Encrypt Team
My question is... why? In-so-far as I know I set everything up correctly but this email doesn't exactly instill confidence in me.
Certbot Instructions | Certbot mentions sudo certbot renew --dry-run
. When I run that I get this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/frostjedi.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for frostjedi.com and www.frostjedi.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.frostjedi.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for www.frostjedi.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/frostjedi.com/fullchain.pem (success)
/etc/letsencrypt/live/www.frostjedi.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
So why am I getting these emails?
Certbot Instructions | Certbot also says "the command to renew certbot is installed in one of the following locations" and mentions, among other places, /etc/crontab/
. When I open that up in vim
I get this:
0 0,12 * * * root /opt/certbot/bin/python -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo certbot renew -q
So everything looks good to me so why am I getting these emails and will my domain auto renew?