Yesterday I received an email saying my Let’s Encrypt certificate will expire on 10 April 2019. Quoting from the email:
Your certificate (or certificates) for the names listed below will expire in 10 days (on 10 Apr 19 07:19 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.
We recommend renewing certificates automatically when they have a third of their
total lifetime left. For Let’s Encrypt’s current 90-day certificates, that means
renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details.
The following certs are not due for renewal yet:
/etc/letsencrypt/live/campercaver.net/fullchain.pem expires on 2019-06-18 (skipped)
No renewals were attempted.
===========
Why am I getting a renewal notice if my certificate does not need renewal?? Why is there a difference between expiration dates?
The server is CentOS7 and Apache 2.4.6. Certbot is version 0.31.0. There is a cron job that runs certbot every day.
If your certificate is already renewed, we won’t send an expiry notice. We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it. If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate. If you check the certificate currently running on your website, and it shows the correct date, no further action is needed.
Your newer certificate has an additional subdomain.