I think it’s a good idea, everyone should be automating this anyway.

  • SirMaple__@lemmy.world
    20 hours ago

    I manage all my certs using Cert Warden which has a dashboard that displays the expiry date. It does lack alerting, so I use Uptime-kuma to monitor the expiry dates of the certs. So not a big loss for me.

  • SkyNTP@lemmy.ml
    1 day ago

    > I think it’s a good idea, everyone should be automating this anyway.

    This is still not possible in all scenarios. For example, wildcard certificates for DNS providers with no API support.

      • ramble81@lemm.ee
        24 hours ago

        There are a lot of embedded systems that do not offer API support to swap out certificates. Things like switches, DVRs, NAS devices, etc.

        • ShortN0te@lemmy.ml
          8 hours ago

          How are those devices affected by having no notification anymore? The manual labor exists anyway.

          Most network switches and devices have a web GUI to switch them out. Those can be automated.

        • rmuk@feddit.uk
          23 hours ago

          Honestly in rare situations that a device like that needs to be accessible from the wild Internet I think it’d be mad to expose it directly, especially if it’s not manageable as you suggest. At the very least, I’d be leaning on a reverse proxy.

          • ramble81@lemm.ee
            23 hours ago

            That implies though I don’t want valid certificates in my environment. I still want to make sure even on my private network I’m using valid certs. A lot of security departments require that too even if the device isn’t public facing.

            • cm0002@lemmy.world
              23 hours ago

              > still want to make sure even on my private network I’m using valid certs. A lot of security departments require that too even if the device isn’t public facing.

              Is there a hard source with evidence that this is at all needed? Because there are a lot of things that “security departments” do that amount to security theater. Like forcing arbitrary password changes org wide.

              • ramble81@lemm.ee
                23 hours ago

                Regardless of “hard evidence” it’s still the company policy. How well does it go over if you try to say “well acktuslly…” when it comes to password changes?

                • cm0002@lemmy.world
                  23 hours ago

                  > How well does it go over if you try to say “well acktuslly…” when it comes to password changes?

                  Well, it went over easy, but I also gained the authority to implement or toss such policies when I took my job LMAO

                  In any case, I was referring to the “my environment” part since it implied you had such authority and were just choosing to emulate policies of others, ofc I don’t mean to make decisions you don’t have the authority to. Hard evidence is hard evidence though, it does give you a leg to stand on should you propose such changes.

            • wildbus8979@sh.itjust.works
              22 hours ago

              I’m with you, but that’s why I’m automating certificate expiry checking somewhere else (in my home assistant install to be exact).
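
An added example, not part of any comment above and not code from Cert Warden, Uptime Kuma or Home Assistant: a stand-alone certificate expiry check of the kind several commenters describe automating. The host names, the 21-day warning threshold and all function names are assumptions made for the illustration.

```python
import socket
import ssl
import time

WARN_DAYS = 21  # assumed threshold; pick one that leaves time for manual renewals


def days_left(not_after, now=None):
    """Whole days until a notAfter string in the format ssl.getpeercert() returns."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def fetch_not_after(host, port=443, timeout=5.0):
    """Read notAfter from a live endpoint, validating the chain and host name.
    Devices using a private CA need that CA in the trust store
    (ctx.load_verify_locations) or the handshake fails and is reported as ERROR."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def classify(days, warn_days=WARN_DAYS):
    if days < 0:
        return "EXPIRED"
    return "WARN" if days < warn_days else "OK"


def check(targets, fetch=fetch_not_after, now=None):
    """Return (host, port, status, detail) per target. A failed handshake,
    including one caused by an already expired certificate, becomes ERROR."""
    results = []
    for host, port in targets:
        try:
            d = days_left(fetch(host, port), now)
            results.append((host, port, classify(d), d))
        except (OSError, KeyError) as exc:  # ssl.SSLError subclasses OSError
            results.append((host, port, "ERROR", str(exc)))
    return results


if __name__ == "__main__":
    # Constructed sample data so the script runs offline; drop fetch= and now=
    # to query real endpoints instead.
    sample = {"nas.example.internal": "Jan 11 00:00:00 2025 GMT",
              "switch.example.internal": "Mar  1 00:00:00 2025 GMT"}
    fixed_now = ssl.cert_time_to_seconds("Jan  1 00:00:00 2025 GMT")
    for row in check([(h, 443) for h in sample], lambda h, p: sample[h], fixed_now):
        print(*row)
```

Treat ERROR as an alert rather than a skipped check, since an unreachable device and an expired certificate both end up there.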