-1

Today I got an email notification from Let's Encrypt Expire Bot that the SSL certificate for my domain will expire on 31 July 2018.

But when I log in to the server and check the certificate with this command,

echo | openssl s_client -connect mydomaintobeexpired.com:443 2> /dev/null | openssl x509 -noout -dates

I got the following output:

notBefore=Jul  1 21:03:23 2018 GMT
notAfter=Sep 29 21:03:23 2018 GMT

So it looks like everything is OK?

Why does Let's Encrypt Expire Bot give me a different expiration date than what the command line shows?

Any reason for downvoting this question?

Zhenyu

1 Answer

1

This happens if you obtain a new certificate before the old one expires, without explicitly renewing or adding names to the existing certificate.

As far as Let's Encrypt is concerned, you now have two distinct certificates for the same name with two different expiration dates.

So, LE will send you email when the older certificate is about to expire. This doesn't mean the newer certificate is about to expire, as it is a completely different certificate.

You only need to worry about whether you are still using the old certificate somewhere instead of the new one.

Michael Hampton
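One way to carry out the check the answer ends on, finding any listener that still serves the older certificate, as an added example that is not part of the original posts. The function names are hypothetical, and the second endpoint with its date is constructed sample data; only the 31 July 2018 date and the Sep 29 `notAfter` value come from the question.

```python
import socket
import ssl
from datetime import date, datetime, timezone

def parse_cert_time(value):
    """Parse an OpenSSL-style time such as 'Sep 29 21:03:23 2018 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)

def fetch_not_after(host, port, timeout=5.0):
    """notAfter of the leaf certificate served at host:port (SNI is sent).

    Verification stays on, so an already expired or mismatched certificate
    raises ssl.SSLCertVerificationError instead of returning a date.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return parse_cert_time(tls.getpeercert()["notAfter"])

def still_on_old_cert(observed, warned_date):
    """Endpoints whose certificate expires on or before the date in the email."""
    return sorted(ep for ep, not_after in observed.items()
                  if not_after.date() <= warned_date)

# Expiry date from the notification email in the question.
WARNED_DATE = date(2018, 7, 31)

# Constructed sample: the first entry is the notAfter shown in the question,
# the second is an invented mail listener that was never reloaded.
SAMPLE = {
    ("mydomaintobeexpired.com", 443): parse_cert_time("Sep 29 21:03:23 2018 GMT"),
    ("mail.mydomaintobeexpired.com", 993): parse_cert_time("Jul 31 09:12:45 2018 GMT"),
}

if __name__ == "__main__":
    # For a live check, build the dict with fetch_not_after(host, port) instead.
    for host, port in still_on_old_cert(SAMPLE, WARNED_DATE):
        print(f"{host}:{port} still serves the certificate named in the email")
```

`fetch_not_after` speaks TLS from the first byte, so it fits implicit-TLS ports such as 443 or 993; STARTTLS services need a protocol-aware client.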