Wildcart Cert - I can disregard mail notifications about expiring subdomain certs, correct?
Solved
Support
-
My "domain1.com" with Hetzner is set to "Let's Encrypt Prod - Wildcard" in cloudron. I currently receive mails from Let's Encrypt regarding expiring certs for subdomains, e.g. cert for
bit.domain1.com
which is expiring in 6 days - but I can disregard that, as the wildcard domain has still 43 days, correct?
From the log:2024-03-11T05:03:58.587Z box:tasks update 15838: {"percent":5,"message":"Ensuring certs of my.domain1.com"} 2024-03-11T05:03:58.601Z box:reverseproxy providerMatchesSync: subject=CN = *.domain1.com domain=*.domain1.com issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true 2024-03-11T05:03:58.607Z box:reverseproxy expiryDate: subject=CN = *.domain1.com notBefore=Jan 24 19:20:32 2024 GMT notAfter=Apr 23 19:20:31 2024 GMT daysLeft=43.59481936342593 2024-03-11T05:03:58.608Z box:reverseproxy ensureCertificate: my.domain1.com acme cert exists and is up to date 2024-03-11T05:03:58.608Z box:reverseproxy needsRenewal: false. force: false 2024-03-11T05:03:58.608Z box:tasks update 15838: {"percent":9,"message":"Ensuring certs of rt.domain1.com"} 2024-03-11T05:03:58.619Z box:reverseproxy providerMatchesSync: subject=CN = *.domain1.com domain=*.domain1.com issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true 2024-03-11T05:03:58.626Z box:reverseproxy expiryDate: subject=CN = *.domain1.com notBefore=Jan 24 19:20:32 2024 GMT notAfter=Apr 23 19:20:31 2024 GMT daysLeft=43.59481914351852 2024-03-11T05:03:58.924Z box:tasks update 15838: {"percent":65,"message":"Ensuring certs of bit.domain1.com"} 2024-03-11T05:03:58.940Z box:reverseproxy providerMatchesSync: subject=CN = *.domain1.com domain=*.domain1.com issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true 2024-03-11T05:03:58.949Z box:reverseproxy ensureCertificate: bit.domain1.com acme cert exists and is up to date 2024-03-11T05:03:58.949Z box:reverseproxy expiryDate: subject=CN = *.domain1.com notBefore=Jan 24 19:20:32 2024 GMT notAfter=Apr 23 19:20:31 2024 GMT daysLeft=43.59481540509259 2024-03-11T05:03:58.949Z box:reverseproxy needsRenewal: false. force: false
and:
2024-03-11T05:04:01.683Z box:tasks update 15838: {"message":"Checking expired certs for removal"} box:reverseproxy expiryDate: subject=CN = bit.domain1.com notBefore=Dec 18 22:10:19 2023 GMT notAfter=Mar 17 22:10:18 2024 GMT daysLeft=6.7126884375 2024-03-11T05:04:01.726Z
-
@necrevistonnezr yes, that's correct, those can be disregarded. I am assuming those notifications come from an earlier cert you got from LE for bit.domain1.com . Maybe outside of Cloudron or maybe you switched from wildcard to progammatic DNS in Cloudron.
-
-
BTW, to be doubly sure, you can always inspect the cert in your browser. Check the cert expiration time. For example, in firefox, I see something like:
-