Documentation  〉SSL Expiration Notifications

What does it do?

The SSL expiration notifications option sends notifications 30, 14, 7 and 1 day(s) before your SSL certificates expire. They are useful reminders to renew certificates (for the manual ones), or to warn you in case of issue with automatic renewal. These notifications are sent at 10am in your timezone to reduce disruption as they are not critical.

For shorter certificates (e.g. Let's Encrypt or ZeroSSL which last 3 months), the 30 days notification is skipped and you only get them 14, 7, and 1 day(s) before.

This is because these short duration automated certificates are supposed to be renewed after 60 days (so 30 days before expiration) according to let's encrypt recommendations. Most ACME clients follow those recommendations and that's why I disabled the 30 days warning to avoid unnecessary alerts, but kept the 14 days one to make sure you know if there's any issues with the automatic renewal and have time to fix it.

Why do I still receive notifications for my automated certs?

Sometimes people (or hosting providers) prefer to push back the automatic renewal to occur much closer to expiration (e.g. 5 days before), probably because it's slightly more efficient in terms of ressource. In that case, you can receive the 14 days and 7 days notifications every time, even though everything is working as expected.

This is more dangerous though (less time to fix in case of problem) so it's not recommended and it's not a case that I intend to implement specific support for. If you are in this situation, I would recommend:

  1. Trying to get back into the recommended renewal schedule of 30 days before expiration (or asking your hosting provider to do so)
  2. Just live with the notifications (optionally write an email rule to ignore some of them)
  3. Disable the notifications entirely in the account settings if you trust the renewal

Adrien Rey-Jarthon
Created on December 11, 2023 · Suggest changes to this page