The certificate served at c2sp.org, managed as part of the “filippo” app, expires on Nov 14 23:24:03 2022 GMT, which is awfully close.
Certificate chain
0 s:CN = c2sp.org
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 16 23:24:04 2022 GMT; NotAfter: Nov 14 23:24:03 2022 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
flyctl certs
says that everything is ok with that certificate.
The certificate for c2sp.org has been issued.
Hostname = c2sp.org
DNS Provider = aws
Certificate Authority = Let's Encrypt
Issued = rsa,ecdsa,rsa,ecdsa
Added to App = 6 months ago
Source = fly
The DNS record points to the Fly.io app.
$ dig +short c2sp.org
213.188.195.45
$ dig +short filippo.fly.dev
213.188.195.45
It doesn’t look like a new one has been issued yet at all: crt.sh | c2sp.org.
This looks related to Certificate hasn't auto-renewed and will expire in 11 days and I have also noticed alerts for other certificates over time, but never this close.
Besides generating alerts in my certificate monitoring system, cutting renewals so close is dangerous in case Let’s Encrypt was to have an outage. Is everything working as intended?