Let's Encrypt certificate expiration notice for domain

Discussion in 'ISPConfig 3 Priority Support' started by spanish, Dec 12, 2017.

  1. spanish

    spanish Member HowtoForge Supporter

    I'm receiving emails from letsencrypt.org like this:
    Let's Encrypt certificate expiration notice for domain
    Your certificate (or certificates) for the names listed below will expire in
    9 days (on 21 Dec 17 23:57 +0000). Please make sure to renew
    your certificate before then, or visitors to your website will encounter errors.
    • Is this normal?
    • How many days before are certificates renewed in ISPConfig?
    • How can I check that my ISPConfig 3 auto-renew is working OK?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig runs certbot with renew option once a night, the certs are renewed by certbot and the time when they get renewed is decided by certbot. You should take a look into the letsencrypt log file to see if certbot has any issus in renewing certificates.
  3. spanish

    spanish Member HowtoForge Supporter

    No errors in the logs, the certificate was renewed on December 15 and is valid until February 16.
    If I check my domain on https://transparencyreport.google.com/https/certificates , my previous SSL certificate also appears (COMODO Positive WildCard, valid to Apr 18, 2018).
    Could this be the cause of the false positive?
  4. sjau

    sjau Local Meanie Moderator

    Did you alter the cert? Eg add a new subdomain or something?

    You will get a warning if the domain/subdomain names in the certs are not the same anymore.

    e.g. originally you had domain.tld, www.domain.tld and now you added a subdomain: domain.tld, www.domain.tld, sub.domain.tld

    So certbot will request cert for all three entries and not for the first two alone... so the first one will expire soon and you'll get warning before it does.

Share This Page