Wildcart Cert - I can disregard mail notifications about expiring subdomain certs, correct?

necrevistonnezr

My "domain1.com" with Hetzner is set to "Let's Encrypt Prod - Wildcard" in cloudron. I currently receive mails from Let's Encrypt regarding expiring certs for subdomains, e.g. cert for bit.domain1.com which is expiring in 6 days - but I can disregard that, as the wildcard domain has still 43 days, correct?
From the log:

2024-03-11T05:03:58.587Z box:tasks update 15838: {"percent":5,"message":"Ensuring certs of my.domain1.com"}
2024-03-11T05:03:58.601Z box:reverseproxy providerMatchesSync: subject=CN = *.domain1.com domain=*.domain1.com issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true
2024-03-11T05:03:58.607Z box:reverseproxy expiryDate: subject=CN = *.domain1.com notBefore=Jan 24 19:20:32 2024 GMT notAfter=Apr 23 19:20:31 2024 GMT daysLeft=43.59481936342593
2024-03-11T05:03:58.608Z box:reverseproxy ensureCertificate: my.domain1.com acme cert exists and is up to date
2024-03-11T05:03:58.608Z box:reverseproxy needsRenewal: false. force: false
2024-03-11T05:03:58.608Z box:tasks update 15838: {"percent":9,"message":"Ensuring certs of rt.domain1.com"}
2024-03-11T05:03:58.619Z box:reverseproxy providerMatchesSync: subject=CN = *.domain1.com domain=*.domain1.com issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true
2024-03-11T05:03:58.626Z box:reverseproxy expiryDate: subject=CN = *.domain1.com notBefore=Jan 24 19:20:32 2024 GMT notAfter=Apr 23 19:20:31 2024 GMT daysLeft=43.59481914351852

2024-03-11T05:03:58.924Z box:tasks update 15838: {"percent":65,"message":"Ensuring certs of bit.domain1.com"}
2024-03-11T05:03:58.940Z box:reverseproxy providerMatchesSync: subject=CN = *.domain1.com domain=*.domain1.com issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true
2024-03-11T05:03:58.949Z box:reverseproxy ensureCertificate: bit.domain1.com acme cert exists and is up to date
2024-03-11T05:03:58.949Z box:reverseproxy expiryDate: subject=CN = *.domain1.com notBefore=Jan 24 19:20:32 2024 GMT notAfter=Apr 23 19:20:31 2024 GMT daysLeft=43.59481540509259
2024-03-11T05:03:58.949Z box:reverseproxy needsRenewal: false. force: false

and:

2024-03-11T05:04:01.683Z box:tasks update 15838: {"message":"Checking expired certs for removal"}
box:reverseproxy expiryDate: subject=CN = bit.domain1.com notBefore=Dec 18 22:10:19 2023 GMT notAfter=Mar 17 22:10:18 2024 GMT daysLeft=6.7126884375
2024-03-11T05:04:01.726Z

girish

@necrevistonnezr yes, that's correct, those can be disregarded. I am assuming those notifications come from an earlier cert you got from LE for bit.domain1.com . Maybe outside of Cloudron or maybe you switched from wildcard to progammatic DNS in Cloudron.

girish

BTW, to be doubly sure, you can always inspect the cert in your browser. Check the cert expiration time. For example, in firefox, I see something like:

necrevistonnezr

@girish Thanks! I hadn't thought of checking the certificate in the browser - yes, all is good.