How do I verify my SSL expiration with Let'sEncrypt?

I set up SSL with Let’sEncrypt a while back, haven’t set up auto renewal quite yet. Got an email that says the certificate for will be expiring Oct 3. But I have an iPhone app called SSL CHECKER that says it is valid until Nov 21. Any idea why the discrepancy?

4 Replies and are using a certificate that expires November 21, as your iPhone app says. It looks like nothing's wrong, and you can probably ignore this warning.

The Let's Encrypt warning system doesn't know which certificates you're using. It just knows about all certificates that exist. It considers a certificate renewed if a new certificate with the exact set of hostnames exists. If you do something like add or remove a subdomain, or delete a certificate, it will eventually warn you that the old one is expiring. (information currently up to September 9)

There are a number of certificates for different combinations of hostnames involving your domain. It looks like this certificate, for only the single name "", is expiring soon:

Your web server is using a different certificate. You probably replaced it long ago. If you deleted it and nothing is using it, you don't need to do anything about it.

When I check expiry dates for my 3 websites, I got some errors. Can anyone shed light on this?

certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/ prod uced an unexpected error: expected /etc/letsencrypt/live/ .pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/ produ ced an unexpected error: expected /etc/letsencrypt/live/ em to be a symlink. Skipping.

Found the following certs:
Certificate Name:
Domains: www.flywithm
Expiry Date: 2018-11-21 14:38:05+00:00 (VALID: 64 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/
Certificate Name:
Expiry Date: 2018-10-18 12:12:32+00:00 (VALID: 30 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/
Certificate Name:
Expiry Date: 2018-10-18 12:09:33+00:00 (VALID: 30 days)
Certificate Path: /etc/letsencrypt/live/ em
Private Key Path: /etc/letsencrypt/live/

The following renewal configuration files were invalid:

Can you recall what's happened to Certbot's files? Did you delete or rename things, or copy or restore from a backup that might have transformed symlinks into copies of the target files?

You might have deleted two extra certificates, but missed some of the files?

Can you post "sudo ls -alR /etc/letsencrypt/{archive,live,renewal}"?

Are there any other issues with Certbot or your web server?

The second and third certificates are redundant with the first one, though that isn't really a problem. Your web server is currently using them, so you'd have to update its configuration if you want to delete them.

For future reference, you can delete certificates with e.g. "sudo certbot delete --cert-name".


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct