[kwlug-disc] Incorrect Let's Encrypt expiry notices

Keefer Rourke mail at krourke.org
Sun Nov 5 19:46:11 EST 2017 

When you renew a cert with Let's Encrypt, the "old" cert is still considered valid (i.e. if you were to copy the cert to a different system before renewing, you would be able to continue to use it after renewing the master copy afaik, since renewal does not also invalidate certs). As such, LE will continue to pester you about renewal even if you have already done so.

Basically I've set up an mail filter to send all renewal notice email from LE to another folder so I don't have to be bothered with this.

...Feel free to ignore these warning if you've already set up a Cron job for renewal for instance.

- Keefer (who has been annoyed by LE far too much in the past)


On November 5, 2017 7:37:26 PM EST, Raymond Chen <raymondchen625 at gmail.com> wrote:
>I checked with Chrome, Firefox and Safari. They were all fine, with
>expiry
>date Jan. 12, 2018. Your warning seems from "Let's Encrypt Expiry Bot",
>maybe it doesn't make a live request before sending the warning?
>
>
>
>On Fri, Nov 3, 2017 at 4:56 PM, Khalid Baheyeldin <kb at 2bits.com> wrote:
>
>> Yes. I get them all the time.
>>
>> The problem is that it still warns about the old certificate even if
>you
>> have renewed it.
>>
>> Did not find a way to turn this off, but I did not researched it
>either.
>>
>> On Fri, Nov 3, 2017 at 4:52 PM, Bob Jonkman <bjonkman at sobac.com>
>wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Has anyone else using Let's Encrypt been getting these messages?
>>>
>>> On 2017-11-03 04:35 AM, Let's Encrypt Expiry Bot wrote:
>>> > Hello,
>>> >
>>> > Your certificate (or certificates) for the names listed below will
>>> > expire in 9 days (on 13 Nov 17 07:59 +0000). Please make sure to
>>> > renew your certificate before then, or visitors to your website
>>> > will encounter errors.
>>> >
>>> > bobjonkman.ca
>>>
>>> Yet when I look at the certificates list with the 'certbot' command
>I
>>> get this:
>>>
>>> > webserver:~/ # certbot certificates Found the following certs:
>>> > Certificate Name: bobjonkman.ca Domains: bobjonkman.ca
>>> > www.bobjonkman.ca Expiry Date: 2018-01-12 15:43:59+00:00 (VALID:
>69
>>> > days) Certificate Path:
>>> > /etc/letsencrypt/live/bobjonkman.ca/fullchain.pem Private Key
>Path:
>>> > /etc/letsencrypt/live/bobjonkman.ca/privkey.pem
>>>
>>> I've had a few reminder notices for other certificates, and they
>>> haven't been accurate either.
>>>
>>> Should I be worried the cert will exipre in 9 days? Have I set up
>>> something incorrectly? Is it a bug in certbot? Is it a bug with
>Let's
>>> Encrypt's reminder software?
>>>
>>> Before I report this to Let's Encrypt I want to make sure I
>understand
>>> the situation.
>>>
>>> - --Bob.
>>>
>>>
>>> - --
>>> Bob Jonkman <bjonkman at sobac.com>          Phone: +1-519-635-9413
>>> SOBAC Microcomputer Services             http://sobac.com/sobac/
>>> Software   ---   Office & Business Automation   ---   Consulting
>>> GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v2
>>> Comment: Ensure confidentiality, authenticity, non-repudiability
>>>
>>> iEYEARECAAYFAln81wEACgkQuRKJsNLM5equRQCgppZYyqdbdQr6UtWLeyr0xvjG
>>> vDMAn0sKQka8vWETKnsp9qzoRVMADpfT
>>> =3i5O
>>> -----END PGP SIGNATURE-----
>>>
>>> _______________________________________________
>>> kwlug-disc mailing list
>>> kwlug-disc at kwlug.org
>>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>>
>>
>>
>>
>> --
>> Khalid M. Baheyeldin
>> 2bits.com, Inc.
>> Fast Reliable Drupal
>> Drupal optimization, development, customization and consulting.
>> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
>> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
>> For every complex problem, there is an answer that is clear, simple,
>and
>> wrong." -- H.L. Mencken
>>
>> _______________________________________________
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20171105/fbefa6bb/attachment.htm>

More information about the kwlug-disc mailing list