Your certificate (or certificates) for the names listed below will expire in
9 days (on 03 Oct 17 10:38 +0000). Please make sure to renew
your certificate before then, or visitors to your website will encounter errors.
For details about when we send these emails, please visit https://letsencrypt.org/docs/expiration-emails/. In particular, note
that this reminder email is still sent if you’ve obtained a slightly
different certificate by adding or removing names. If you’ve replaced
this certificate with a newer one that covers more or fewer names than
the list above, you may be able to ignore this message. "
I read this excellent forum before posting a question, i readed after your proposal to read.
Can you check if your certificate from https://www.rachatducredit.com has been renewed, and it is untied from the server-related certificate de2992.ispfr.net containing and associated with the website ?
You can check this for yourself in your browser using the browser feature that lets you examine the content of a certificate.
But in this case, yes, you have a fresh Let’s Encrypt certificate in use there that’s valid until late December and applies only to your domain name, not to your hosting provider’s domain.
No, no browsers currently read the CT logs to determine if a certificate was issued but is not in use. The only issues you could run into is if you had used HSTS or HPKP on your domain. These features can cause browsers who had previously visited your site via HTTPS to throw errors when visiting via HTTP subsequently. However, very few websites currently utilize such features, and they require extensive design consideration.
You only need a certificate for hostnames in URLs people actually access. If nobody types or clicks on a link that begins with https://de2992.ispfr.net/ then you do not need a certificate for it.
(In fact, with some large ISPs, Let's Encrypt actually won't allow you to get a certificate for the hostname your ISP provides you.)
