Valid certificate but expiry notification from Let's Encrypt

Today I received expiry notification from Let's Encrypt for certificate that is valid from 2021-10-26 till 2022-01-24 for website carrent.kishman.org. Both certificates for parent domain (kishman.org) and subdomain are valid.

Is there duplicate certificates being generated that we do not see on our IIS webserver? or Was it send by mistake?
Email has unsubscribe link. Should that be used to clear future notifications send by mistake.

Please help.

1 Like

I very much doubt you got an e-mail for that specific certificate, as Let's Encrypt doesn't start sending those e-mails about 2 to 3 weeks before expiry. Which 24 January 2022 isn't.

I think the e-mail was about the certificate crt.sh | 5018765165 which is expiring within the following hour?

3 Likes

Welcome to the Let's Encrypt Community, Prakash :slightly_smiling_face:

2 Likes

Hello Oriris,

Please find below email from Lets Encrypt. Email clearly shows subdomain address. Certificate is valid from 2021-10-26 till 2022-01-24. Should I be concerned or ignore this message.

Hello,

Your certificate (or certificates) for the names listed below will expire in 0 days (on 08 Nov 21 16:51 +0000). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.

We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See Integration Guide - Let's Encrypt for details.

carrent.kishman.org

For any questions or support, please visit: https://community.letsencrypt.org/ Unfortunately, we can't provide support by email.

For details about when we send these emails, please visit: Expiration Emails - Let's Encrypt In particular, note that this reminder email is still sent if you've obtained a slightly different certificate by adding or removing names. If you've replaced this certificate with a newer one that covers more or fewer names than the list above, you may be able to ignore this message.

If you are receiving this email in error, unsubscribe at:
---------------- Unsubscribe link ------------
Please note that this would also unsubscribe you from other Let's Encrypt service notices, including expiration reminders for any other certificates.

Regards,
The Let's Encrypt Team

Please see the certificate details in the expiry e-mail:

which is this certificate: crt.sh | 5018765165

And compare it to the four other certificates for that hostname:

And appreciate the difference between those four and the now-expired certificate.

3 Likes

There are two certificates. One that was named [Manual] and another with [IIS]. Probably, Win-acme application creates [Manual] certificated when run manually to renew certificates. I see a certificate name starting with [IIS] is expiring, today. Sorry! for the confusion.

1 Like

No, that link will remove your email address completely.
[and there has been no mistake]

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.