Wildcart Cert - I can disregard mail notifications about expiring subdomain certs, correct?
-
My "domain1.com" with Hetzner is set to "Let's Encrypt Prod - Wildcard" in cloudron. I currently receive mails from Let's Encrypt regarding expiring certs for subdomains, e.g. cert for
bit.domain1.comwhich is expiring in 6 days - but I can disregard that, as the wildcard domain has still 43 days, correct?
From the log:2024-03-11T05:03:58.587Z box:tasks update 15838: {"percent":5,"message":"Ensuring certs of my.domain1.com"} 2024-03-11T05:03:58.601Z box:reverseproxy providerMatchesSync: subject=CN = *.domain1.com domain=*.domain1.com issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true 2024-03-11T05:03:58.607Z box:reverseproxy expiryDate: subject=CN = *.domain1.com notBefore=Jan 24 19:20:32 2024 GMT notAfter=Apr 23 19:20:31 2024 GMT daysLeft=43.59481936342593 2024-03-11T05:03:58.608Z box:reverseproxy ensureCertificate: my.domain1.com acme cert exists and is up to date 2024-03-11T05:03:58.608Z box:reverseproxy needsRenewal: false. force: false 2024-03-11T05:03:58.608Z box:tasks update 15838: {"percent":9,"message":"Ensuring certs of rt.domain1.com"} 2024-03-11T05:03:58.619Z box:reverseproxy providerMatchesSync: subject=CN = *.domain1.com domain=*.domain1.com issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true 2024-03-11T05:03:58.626Z box:reverseproxy expiryDate: subject=CN = *.domain1.com notBefore=Jan 24 19:20:32 2024 GMT notAfter=Apr 23 19:20:31 2024 GMT daysLeft=43.59481914351852 2024-03-11T05:03:58.924Z box:tasks update 15838: {"percent":65,"message":"Ensuring certs of bit.domain1.com"} 2024-03-11T05:03:58.940Z box:reverseproxy providerMatchesSync: subject=CN = *.domain1.com domain=*.domain1.com issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true 2024-03-11T05:03:58.949Z box:reverseproxy ensureCertificate: bit.domain1.com acme cert exists and is up to date 2024-03-11T05:03:58.949Z box:reverseproxy expiryDate: subject=CN = *.domain1.com notBefore=Jan 24 19:20:32 2024 GMT notAfter=Apr 23 19:20:31 2024 GMT daysLeft=43.59481540509259 2024-03-11T05:03:58.949Z box:reverseproxy needsRenewal: false. force: falseand:
2024-03-11T05:04:01.683Z box:tasks update 15838: {"message":"Checking expired certs for removal"} box:reverseproxy expiryDate: subject=CN = bit.domain1.com notBefore=Dec 18 22:10:19 2023 GMT notAfter=Mar 17 22:10:18 2024 GMT daysLeft=6.7126884375 2024-03-11T05:04:01.726Z -
@necrevistonnezr yes, that's correct, those can be disregarded. I am assuming those notifications come from an earlier cert you got from LE for bit.domain1.com . Maybe outside of Cloudron or maybe you switched from wildcard to progammatic DNS in Cloudron.
-
G girish marked this topic as a question on
-
BTW, to be doubly sure, you can always inspect the cert in your browser. Check the cert expiration time. For example, in firefox, I see something like:
-
BTW, to be doubly sure, you can always inspect the cert in your browser. Check the cert expiration time. For example, in firefox, I see something like:
@girish Thanks! I hadn't thought of checking the certificate in the browser - yes, all is good.
-
G girish has marked this topic as solved on
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login