Conversation

Notices

Embed this notice
James Morris (jmorris@social.kernel.org)'s status on Wednesday, 05-Feb-2025 02:38:15 JST James Morris

"We’re writing to inform you that we intend to discontinue sending expiration notification emails. " https://letsencrypt.org/2025/01/22/ending-expiration-emails/

Understandable, but I'm guessing this will cause a lot of breakage for a while & train people to click through browser security warnings. Thoughts?
In conversation about 2 days ago from social.kernel.org permalink
Attachments
1. Domain not in remote thumbnail source whitelist: letsencrypt.org
  
  Ending Support for Expiration Notification Emails
  
  Since its inception, Let’s Encrypt has been sending expiration notification emails to subscribers that have provided an email address to us. We will be ending this service on June 4, 2025. The decision to end this service is the result of the following factors: Over the past 10 years more and more of our subscribers have been able to put reliable automation into place for certificate renewal. Providing expiration notification emails means that we have to retain millions of email addresses connected to issuance records.
- Embed this notice
  Kees Cook :tux: (kees@fosstodon.org)'s status on Thursday, 06-Feb-2025 01:54:10 JST Kees Cook :tux:
  in reply to
  - K. Ryabitsev ????
  - Paul Moore
  @securepaul @monsieuricon @jmorris I didn't even know this feature existed! I'm genuinely curious, though: doesn't everyone using certbot just automatically renew? (And don't orgs who need to care about service availability already have an external status checking system?) Again, I'm not trying to be obtuse, but how were these emails used?
  
  In conversation about a day ago permalink
- Embed this notice
  Michael K Johnson (mcdanlj@social.makerforums.info)'s status on Thursday, 06-Feb-2025 01:54:10 JST Michael K Johnson
  in reply to
  @kees @securepaul @monsieuricon @jmorris I have one server where I've done something that breaks certbot, I don't know what, and have never investigated. I just manually renew when I get the email. Lazy me.
  I guess I have some debugging in my future.
  
  In conversation about a day ago permalink
  
  James Morris likes this.
- Embed this notice
  K. Ryabitsev ???? (monsieuricon@social.kernel.org)'s status on Thursday, 06-Feb-2025 01:54:11 JST K. Ryabitsev ????
  in reply to
  - Paul Moore
  @securepaul @jmorris I believe it's more like "we're tired fighting with your email providers."
  
  In conversation about a day ago permalink
  
  James Morris likes this.
- Embed this notice
  Paul Moore (securepaul@fosstodon.org)'s status on Thursday, 06-Feb-2025 01:54:11 JST Paul Moore
  in reply to
  - K. Ryabitsev ????
  @monsieuricon @jmorris Yeah, like I said, I understand why, but that doesn't mean I'm not sad to see it go away.
  
  In conversation about a day ago permalink
- Embed this notice
  Paul Moore (securepaul@fosstodon.org)'s status on Thursday, 06-Feb-2025 01:54:12 JST Paul Moore
  in reply to
  
  @jmorris Agreed. I understand why they are doing it, and I recognize that for many people email isn't a reasonable notification mechanism, but I personally am going to miss this and I worry about the impact it will have in approximately three months.
  
  In conversation about a day ago permalink

Public

Conversation

Notices

Feeds