I have a site hosted at SiteGround.co.uk (lets call it wild.co.uk) using a wildcard certificate from letsencrypt.org. Then i created a new site for multiple domains, one of which includes a subdomain from wild.co.uk. For this second hosting I got a multidomain certificate (not from letsencrypt.org).
Now I’m getting an email from letsencrypt.org stating that the certificate for this particular subdomain is about to expire.
I think there might be a crossed wire here - Let's Encrypt doesn't issue wildcard certificates.
If you are actively using the Let's Encrypt issued certificate with a server then you will need to renew it or visitors to that server will encounter an error due to the expired status of the certificate.
so maybe the ‘wildcard’ is not really a wildcard but SiteGround actually issues a letsencript cert for every domain registered with them?
In which case I would supposedly have a letsencrypt cert for the subdomain as well as the multidomain certificate.
I never requested SiteGround to issue a certificate for this subdomain, and in any case this was done in the last couple of months, i don’t think a certificate should expire after so short time.
So in your opinion, should I need to worry about any of my sites loose their certificate validities?
I'm not sure I understand completely. Could we talk in more concrete terms? Perhaps you could share the list of domains you are worried about, and the list of domains that were included in the body of expiration warning email you received. With those we can probably clear this up faster.
From:expiry@letsencrypt.org Subject: Let's Encrypt certificate expiration notice Date: 11 August 2016 at 12:00:43 CEST
Hello,
Your certificate (or certificates) for the names listed below will expire in 19 days (on 31 Aug 16 08:41 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.
This payment.garmentprinting.co.uk, along with pago.garmentprinting.es are currently using the MultiDomain certificate a spoke of, not any letsencrypt certificate.
As cpu said in his first response, it doesn’t seem like it … it was probably a misunderstanding of mine due to the fact that my hosting provider didn’t ask me if i needed a certificate for the newly registered subdomain and requested one anyhow (this is also a speculation of mine, I’m not sure how the certificate got issued at all).
Best regards
Gotcha - I definitely also see a GoDaddy issued certificate when I visit these websites over TLS and not a Let's Encrypt issued certificate.
So it looks like there were two Let's Encrypt certificates that have been issued with some of your domain names. The first, the one that you are being emailed about, is https://crt.sh/?id=20776952 and covers two domains: [ www.payment.garmentprinting.co.uk, payment.garmentprinting.co.uk ] - it will expire Aug 31st.
The second, crt.sh | 21322813 covers two domains: [ pago.garmentprinting.es, payment.garmentprinting.co.uk ] - it will expire Sept 5th and you will likely receive a warning email for it too in the next few days.
If you didn't issue either of those two Let's Encrypt certificates (perhaps your hosting provided did it automatically) then it should be safe to ignore the email. It appears like you are only using your GoDaddy issued certificate and so the expiration will not affect you.