Let's Encrypt Default renewal time

I’ve been getting these emails:

Hello,

Your certificate (or certificates) for the names listed below will expire in 7 days (on 2023-05-01). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.

We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let’s Encrypt’s current 90-day certificates, that means renewing 30 days before expiration. See Integration Guide - Let's Encrypt for details.

Wouldn’t it make sense for the default renewal to be day 59 prior to the email? Or is there a problem keeping the math straight after each renewal?

Sounds a bit like https://forum.virtualmin.com/t/about-to-expire-warning/120166 That turned out to be the registrar doing weird things! Eventually the warning disappeared.

No. These start 30 days prior to expiration and are quite valid.

I’m just asking if auto renew should happen before the email. On the last system I was on I only got notices if renewal failed. That’s all I really care about anyhow.

Hmm. Never had those emails. What have you got it set to, as that says 7 days left to expiry in the email?

I have the same. I have now set it to 31. I was looking here (not the same domain as the 7 day email but the first alphabetically). I’ll have to double check the emails and go domain by domain to make sure they didn’t get switched off somehow:
image

This is what Let’s Encrypt recommends. It is not my business to argue with them.

OK. I went through. Some had updated recently so the auto renew is working. None had auto renew turned off so I’m a little disturbed by the 7 day notice though the domain did eventually auto renew.

@joe Are you saying the 21 days was the recommended? I wonder if they changed. I mean you can see the quoted email above. Maybe their documentation is out of sync?

Stop throwing out different numbers. You originally said it started warning you 30 days before, which is the recommended time to renew from Let’s Encrypt.

This is a FAQ: FAQ - Let's Encrypt

1 Like

OK. Just trying to verify because 21 seems to be the default set by Virtualmin.

That’d be weird. I don’t know why Jamie would choose 21 days instead of the 30 days the regular Let’s Encrypt clients do on autorenew.

But, if everything is right, you never have to think about it. Obviously, if you’re seeing warnings and it hasn’t auto-renewed, something is wrong.

Oh, wait. You said the email came from Let’s Encrypt. But, that would mean you aren’t managing your certs with Virtualmin. So I don’t know why we’re talking about Virtualmin’s renewal dates…you created your cert(s) using certbot directly, I guess? We can’t do anything about what happens there.

I think that LE sends an email if the certificate is close to expiring, meaning that the auto-renew hasn’t been working properly.

LE doesn’t manage the renewal.

Where can I find that page pls. I have done a search but cannot find it.

1 Like

I think (not know for sure) that this may have to do with a problem some of us were having with certs not auto-renewing some months back. Someone posted some code as a temporary workaround, and I do recall patching some file or another to implement it.

Since then, I receive the same notices from LE for a handful of sites, but the certs do renew on their own. (I have never installed an LE cert other than through Virtualmin.)

My guess is that the certs obtained while that workaround was being used generate the expiration notices from LE. Maybe it used certbot?

I really don’t know for sure because I never took any notes about which certs renewed when. But I do get the notices on a few sites.

Richard

Turns out Let’s Encrypt doesn’t handle manual changes. Add a subdomain or request a new cert and the old notification doesn’t get shut off.

Webmin does handle everything. I remember with the Discourse software you can add an email address in the config for Let’s Encrypt. I don’t remember doing anything in Webmin/Virtualmin. Maybe I’ll check some settings if I’m so inclined later.

I’ve asked Jamie if we can align our default renewal date (30 days pre-expiry) with that of Let’s Encrypt. I don’t see any reason to do things differently from them on this front.

I’m still not sure I understand what’s going on with notifications in your case. I only get notification from Webmin about my LE certs managed by Virtualmin, but maybe LE is sending them and they’re just ending up in a mailbox I don’t look at, or something.

This is recent from their site. I’m guessing this is where the 21 days came from.

Last updated: Jan 9, 2023 | See all Documentation

Subscribing
If you provide an email address to Let’s Encrypt when you create your account, we’ll do our best to automatically send you expiry notices when your certificate is coming up for renewal. We try to send the first notice at 20 days before your certificate expires, and the second and final notice at 7 days before it expires. We recommend that you rely on your ACME client to automatically renew your certificates, and only use these expiry notices as a warning to check on your automation.

So, they are out of sync on their end as to the dates. You get the emails if you have an account that seems to be related to certbot. I don’t remember setting it up on my own but lots of stuff going on when I set the server up and had to manually bring stuff over from Webuzo.

2 Likes
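
As an added example (not written by any poster in this thread, and not Let's Encrypt or Virtualmin code): a standalone check that classifies a certificate against the one-third-of-lifetime renewal rule and the 20-day and 7-day notice schedule quoted above. The certificate dates are constructed sample values, the function names are hypothetical, and the 21-day figure is the Virtualmin default as reported in this thread.

```python
import ssl
from datetime import datetime, timezone

DAY = 86400
NOTICE_DAYS = (20, 7)  # first and final expiry notice, per the quoted documentation

def classify(not_before, not_after, now):
    """Return (status, whole days remaining) for one certificate.

    not_before / not_after use the text form printed by
    `openssl x509 -noout -dates`, e.g. "May  1 00:00:00 2023 GMT".
    """
    start = ssl.cert_time_to_seconds(not_before)
    end = ssl.cert_time_to_seconds(not_after)
    remaining = (end - now.timestamp()) / DAY
    renew_at = (end - start) / DAY / 3  # one third of total lifetime left
    if remaining <= 0:
        status = "expired"
    elif remaining <= NOTICE_DAYS[1]:
        status = "final-notice"   # renewal still has not happened
    elif remaining <= NOTICE_DAYS[0]:
        status = "first-notice"   # renewal overdue, check the ACME client
    elif remaining <= renew_at:
        status = "renewal-due"    # client should be renewing now
    else:
        status = "ok"
    return status, int(remaining)

def retry_slack(renew_days_before_expiry):
    """Days a client has to retry failed renewals before the first notice."""
    return renew_days_before_expiry - NOTICE_DAYS[0]

if __name__ == "__main__":
    # Constructed 90-day certificate expiring 2023-05-01 (sample values).
    nb, na = "Jan 31 00:00:00 2023 GMT", "May  1 00:00:00 2023 GMT"
    for day in ("2023-03-01", "2023-04-05", "2023-04-15", "2023-04-24", "2023-05-02"):
        now = datetime.fromisoformat(day).replace(tzinfo=timezone.utc)
        print(day, *classify(nb, na, now))
    for threshold in (30, 21):
        print(f"renew at {threshold} days -> {retry_slack(threshold)} days of retry slack")
```

A client that renews at 30 days has ten days of failed attempts before the first notice goes out; one that renews at 21 days has a single day, so any short-lived renewal failure produces an email.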
