Unsure if my certs will auto renew or not

So I got this email from Let's Encrypt Expiry Bot:

Hello,

Your certificate (or certificates) for the names listed below will expire in 6 days (on 2024-08-05). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.

We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See Integration Guide - Let's Encrypt for details.

frostjedi.com

For details about when we send these emails, please visit: Expiration Emails - Let's Encrypt In particular, note that this reminder email is still sent if you've obtained a slightly different certificate by adding or removing names. If you've replaced this certificate with a newer one that covers more or fewer names than the list above, you may be able to ignore this message.

For any questions or support, please visit: https://community.letsencrypt.org/ Unfortunately, we can't provide support by email.

To learn more about the latest technical and organizational updates from Let's Encrypt, sign up for our newsletter: Newsletter Signup - Let's Encrypt

If you are receiving this email in error, unsubscribe at:
...
Please note that this would also unsubscribe you from other Let's Encrypt service notices, including expiration reminders for any other certificates.

Regards,
The Let's Encrypt Team

My question is... why? In-so-far as I know I set everything up correctly but this email doesn't exactly instill confidence in me.

Certbot Instructions | Certbot mentions sudo certbot renew --dry-run. When I run that I get this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/frostjedi.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for frostjedi.com and www.frostjedi.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.frostjedi.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for www.frostjedi.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
  /etc/letsencrypt/live/frostjedi.com/fullchain.pem (success)
  /etc/letsencrypt/live/www.frostjedi.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

So why am I getting these emails?

Certbot Instructions | Certbot also says "the command to renew certbot is installed in one of the following locations" and mentions, among other places, /etc/crontab/. When I open that up in vim I get this:

0 0,12 * * * root /opt/certbot/bin/python -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo certbot renew -q

So everything looks good to me so why am I getting these emails and will my domain auto renew?

Welcome to the Let's Encrypt Community.

If you changed the names used in that certificate, it is no longer considered the same certificate and will trigger notification emails.

You might want to see if the following recent reply to a nearly identical topic helps explain it.

6 Likes

Just adding more detail to linkp's good explanation and reference

You have gotten certs with various combinations of names. Your HTTPS is currently using the cert with both your apex and www name in it (the one issued Jun18)

Your earlier cert with just your apex name looks like it is no longer renewing and if you are not using it anywhere else that is fine. This is the name listed in that email you got.

Your cert with only the www domain renewed on Jul6. If you are not using that cert anymore you should remove it so it doesn't continually renew.

See the Certbot docs on instructions for the delete command. Do not try to delete files from the Certbot folders manually. This often leads to problems.

5 Likes

Then you may need to re-re-re-read the email.
[until you clearly understand what it says]

Like this line:

5 Likes
4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.