Re: Let's Encrypt certificate expiration notice for domain "ruleqa.spamassassin.org"
Thanks! -- Kevin A. McGrail Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171 On Wed, Oct 21, 2020 at 6:15 AM Henrik K wrote: > > FYI this can be ignored, just some leftover.. sa-vm/ruleqa uses *. > spamassassin.org cert. > > On Tue, Oct 20, 2020 at 04:45:26PM +, Let's Encrypt Expiry Bot wrote: > > Hello, > > > > Your certificate (or certificates) for the names listed below will > expire in 20 days (on 09 Nov 20 16:47 +). Please make sure to renew > your certificate before then, or visitors to your website will encounter > errors. > > > > We recommend renewing certificates automatically when they have a third > of their > > total lifetime left. For Let's Encrypt's current 90-day certificates, > that means > > renewing 30 days before expiration. See > > https://letsencrypt.org/docs/integration-guide/ for details. > > > > ruleqa.spamassassin.org > > > > For any questions or support, please visit > https://community.letsencrypt.org/. Unfortunately, we can't provide > support by email. > > > > For details about when we send these emails, please visit > https://letsencrypt.org/docs/expiration-emails/. In particular, note that > this reminder email is still sent if you've obtained a slightly different > certificate by adding or removing names. If you've replaced this > certificate with a newer one that covers more or fewer names than the list > above, you may be able to ignore this message. > > > > If you are receiving this email in error, unsubscribe at > http://mandrillapp.com/track/unsub.php?u=30850198=4ea059329d5f4adf921177e08090115d.bwhb%2FBPfWM93iQ5gciTRITHDm2Y%3D=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Ds%252A%252A%252A%252A%2540s%252A%252A%252A%252A.%252A%252A%252A > > > > Regards, > > The Let's Encrypt Team >
Re: Let's Encrypt certificate expiration notice for domain "ruleqa.spamassassin.org"
FYI this can be ignored, just some leftover.. sa-vm/ruleqa uses *.spamassassin.org cert. On Tue, Oct 20, 2020 at 04:45:26PM +, Let's Encrypt Expiry Bot wrote: > Hello, > > Your certificate (or certificates) for the names listed below will expire in > 20 days (on 09 Nov 20 16:47 +). Please make sure to renew your > certificate before then, or visitors to your website will encounter errors. > > We recommend renewing certificates automatically when they have a third of > their > total lifetime left. For Let's Encrypt's current 90-day certificates, that > means > renewing 30 days before expiration. See > https://letsencrypt.org/docs/integration-guide/ for details. > > ruleqa.spamassassin.org > > For any questions or support, please visit > https://community.letsencrypt.org/. Unfortunately, we can't provide support > by email. > > For details about when we send these emails, please visit > https://letsencrypt.org/docs/expiration-emails/. In particular, note that > this reminder email is still sent if you've obtained a slightly different > certificate by adding or removing names. If you've replaced this certificate > with a newer one that covers more or fewer names than the list above, you may > be able to ignore this message. > > If you are receiving this email in error, unsubscribe at > http://mandrillapp.com/track/unsub.php?u=30850198=4ea059329d5f4adf921177e08090115d.bwhb%2FBPfWM93iQ5gciTRITHDm2Y%3D=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Ds%252A%252A%252A%252A%2540s%252A%252A%252A%252A.%252A%252A%252A > > Regards, > The Let's Encrypt Team
Re: Let's Encrypt certificate expiration notice for domain "ruleqa.spamassassin.org"
On 4/3/19 11:00 AM, Bill Cole wrote: On 3 Apr 2019, at 10:17, Jari Fredriksson wrote: You should automate the renew to a cronjob. Not too hard. LE renewal with certbot was automated with a systemd timer some time ago. The actual cause of this notice appears to be that there used to be an independent certificate for ruleqa.spamassassin.org, whereas now there is a wildcard certificate ( Subject=spamassassin.org with *.spamassassin.org as a Subject Alternative Name.) The renewal notices are generated by letsencrypt.org unilaterally and there's no way for them to notice when a cert is no longer being used and therefore does not need to be renewed, so this notice is about a non-problem. br. jarif Kevin A. McGrail kirjoitti 3.4.2019 kello 2.00: I moderated this through. -- Kevin A. McGrail Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171 On Tue, Apr 2, 2019 at 7:00 PM Let's Encrypt Expiry Bot < exp...@letsencrypt.org> wrote: Hello, Your certificate (or certificates) for the names listed below will expire in 19 days (on 22 Apr 19 22:20 +). Please make sure to renew your certificate before then, or visitors to your website will encounter errors. We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details. ruleqa.spamassassin.org For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can't provide support by email. If you are receiving this email in error, unsubscribe at http://mandrillapp.com/track/unsub.php?u=30850198=e536edf83678494ea281fd558714e45a.o7n7n7eL6dS9%2FSnODhkdlF5fmSw%3D=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Dsysadmins%2540spamassassin.apache.org You may need to update your client to the latest version in case it is still using the deprecated TLS-SNI-01 validation method. https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209 Step-by-step instructions for updating Certbot are here: https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210 Regards, The Let's Encrypt Team Bill is correct. Switched from a specific ruleqa.spamassassin.org to *.spamassassin.org on sa-vm1.apache.org so we just need to let the ruleqa.spamassassin.org go and ignore this notification for now. The renewal for *.spamassassin.org using certbot is automated and cron'd so future notifications should be taken seriously. I have monitoring setup at ena.com (my day job) to monitor sa-vm1 and the active LE cert expiration at https://ruleqa.spamassassin.org. Thanks, Dave
Re: Let's Encrypt certificate expiration notice for domain "ruleqa.spamassassin.org"
On 3 Apr 2019, at 10:17, Jari Fredriksson wrote: You should automate the renew to a cronjob. Not too hard. LE renewal with certbot was automated with a systemd timer some time ago. The actual cause of this notice appears to be that there used to be an independent certificate for ruleqa.spamassassin.org, whereas now there is a wildcard certificate ( Subject=spamassassin.org with *.spamassassin.org as a Subject Alternative Name.) The renewal notices are generated by letsencrypt.org unilaterally and there's no way for them to notice when a cert is no longer being used and therefore does not need to be renewed, so this notice is about a non-problem. br. jarif Kevin A. McGrail kirjoitti 3.4.2019 kello 2.00: I moderated this through. -- Kevin A. McGrail Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171 On Tue, Apr 2, 2019 at 7:00 PM Let's Encrypt Expiry Bot < exp...@letsencrypt.org> wrote: Hello, Your certificate (or certificates) for the names listed below will expire in 19 days (on 22 Apr 19 22:20 +). Please make sure to renew your certificate before then, or visitors to your website will encounter errors. We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details. ruleqa.spamassassin.org For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can't provide support by email. If you are receiving this email in error, unsubscribe at http://mandrillapp.com/track/unsub.php?u=30850198=e536edf83678494ea281fd558714e45a.o7n7n7eL6dS9%2FSnODhkdlF5fmSw%3D=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Dsysadmins%2540spamassassin.apache.org You may need to update your client to the latest version in case it is still using the deprecated TLS-SNI-01 validation method. https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209 Step-by-step instructions for updating Certbot are here: https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210 Regards, The Let's Encrypt Team -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Available For Hire: https://linkedin.com/in/billcole
Re: Let's Encrypt certificate expiration notice for domain "ruleqa.spamassassin.org"
You should automate the renew to a cronjob. Not too hard. br. jarif > Kevin A. McGrail kirjoitti 3.4.2019 kello 2.00: > > I moderated this through. > -- > Kevin A. McGrail > Member, Apache Software Foundation > Chair Emeritus Apache SpamAssassin Project > https://www.linkedin.com/in/kmcgrail - 703.798.0171 > > > On Tue, Apr 2, 2019 at 7:00 PM Let's Encrypt Expiry Bot < > exp...@letsencrypt.org> wrote: > >> Hello, >> >> Your certificate (or certificates) for the names listed below will expire >> in 19 days (on 22 Apr 19 22:20 +). Please make sure to renew your >> certificate before then, or visitors to your website will encounter errors. >> >> We recommend renewing certificates automatically when they have a third of >> their >> total lifetime left. For Let's Encrypt's current 90-day certificates, that >> means >> renewing 30 days before expiration. See >> https://letsencrypt.org/docs/integration-guide/ for details. >> >> ruleqa.spamassassin.org >> >> For any questions or support, please visit >> https://community.letsencrypt.org/. Unfortunately, we can't provide >> support by email. >> >> If you are receiving this email in error, unsubscribe at >> http://mandrillapp.com/track/unsub.php?u=30850198=e536edf83678494ea281fd558714e45a.o7n7n7eL6dS9%2FSnODhkdlF5fmSw%3D=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Dsysadmins%2540spamassassin.apache.org >> >> You may need to update your client to the latest version in case it is >> still using the deprecated TLS-SNI-01 validation method. >> https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209 >> >> Step-by-step instructions for updating Certbot are here: >> https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210 >> >> Regards, >> The Let's Encrypt Team >>
Re: Let's Encrypt certificate expiration notice for domain "ruleqa.spamassassin.org"
I moderated this through. -- Kevin A. McGrail Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171 On Tue, Apr 2, 2019 at 7:00 PM Let's Encrypt Expiry Bot < exp...@letsencrypt.org> wrote: > Hello, > > Your certificate (or certificates) for the names listed below will expire > in 19 days (on 22 Apr 19 22:20 +). Please make sure to renew your > certificate before then, or visitors to your website will encounter errors. > > We recommend renewing certificates automatically when they have a third of > their > total lifetime left. For Let's Encrypt's current 90-day certificates, that > means > renewing 30 days before expiration. See > https://letsencrypt.org/docs/integration-guide/ for details. > > ruleqa.spamassassin.org > > For any questions or support, please visit > https://community.letsencrypt.org/. Unfortunately, we can't provide > support by email. > > If you are receiving this email in error, unsubscribe at > http://mandrillapp.com/track/unsub.php?u=30850198=e536edf83678494ea281fd558714e45a.o7n7n7eL6dS9%2FSnODhkdlF5fmSw%3D=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Dsysadmins%2540spamassassin.apache.org > > You may need to update your client to the latest version in case it is > still using the deprecated TLS-SNI-01 validation method. > https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209 > > Step-by-step instructions for updating Certbot are here: > https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210 > > Regards, > The Let's Encrypt Team >