Let's Encrypt SSL renewals prompt despite set to Auto-Renew


#1

I just received an email from Let’s Encrypt Expiry Bot expiry@letsencrypt.org, prompting me to renew my SSL, despite auto-renewal enabled on the application since day one of the SSL cert.

Further, I received that notice at an email address that has no relationship to the application or my Cloudways admin account.

First, do I need to act on this notice or will the auto-renewal do it’s job?

Second, is typical, or possibly a phishing attempt?

Blockquote
Your certificate (or certificates) for the names listed below will expire in 20 days (on 17 Sep 18 15:56 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.


#2

I’ve received emails such as this, as a reminder. If auto renew is set, then there’s nothing to act upon.

If you are concerned about where it came from, view the email header in the source.

This is most likely a legit reminder.


#3

This email is a good reminder to do a quick check to make sure the cert renewed and https is working correctly. If it doesn’t auto renew and you can’t renew it manually from the Cloudways platform, then you have some .htaccess rules blocking the renewal.

The email is generated by Let’s Encrypt (the certificate issuer), not Cloudways. It should be using the email address you used on the SSL cert. Did you use your personal email there?


#4

Thanks @hello5.

I did forget, this server has two wordpress apps (unrelated domains) with SSL. I received the email at the address associated with app one (first to get SSL), for app two’s renewal. I don’t recall any setup steps after enabling Lets Encrypt via the Cloudways portal, for app two. Perhaps it inherited the first app’s info.

Both sites show the certificate being tied to their respective domains.

Perhaps the lesson here is to not host differing secure sites from the same server? Or is the Cloudways integration with Let’s Encrypt not set up to handle multiples? Or should I be using some kind of wildcard SSL? Sorry for the newbie questions…not a developer.


#5

@sevens, it’s perfectly fine to have multiple apps with their own Let’s Encrypt SSL certs. (However, it is recommend by Cloudways to use one app per server for troubleshooting, scaling and performance reasons.)

Sounds like everything is set up just fine with your server and apps. You can expect to get emails for each cert you have. Just add a calendar reminder to check your website after the renewal date. To check, visit your website after the renewal date using https and there should be no errors. If there are errors, you may need to follow my instructions above about the .htaccess file.