←back to thread

LetsEncrypt – Expiration Notification Service Has Ended

(letsencrypt.org)
181 points zdw | 10 comments | 30 Jun 25 04:49 UTC | HN request time: 0.001s | source | bottom
Show context
leakycap ◴[30 Jun 25 04:52 UTC] No.44419518[source]
One could say it expired.

> Providing expiration notifications costs Let’s Encrypt tens of thousands of dollars per year, money that we believe can be better spent on other aspects of our infrastructure.

Appreciate the honesty (they had other reasons, too! but emails are a pain and expensive at their scale)

replies(2): >>44420397 #>>44420498 #
genewitch ◴[30 Jun 25 07:34 UTC] No.44420498[source]
tens of thousands of dollars? that's it? No one can just write them a check? switchgear costs more than that!
replies(6): >>44420556 #>>44420984 #>>44421195 #>>44421321 #>>44421642 #>>44422816 #
1. jbverschoor ◴[30 Jun 25 08:53 UTC] No.44420984[source]
Not sure why, but many large companies that rely heavily on any open source/free initiative don’t donate. It’s sickening tbh
replies(2): >>44421024 #>>44421507 #
2. szszrk ◴[30 Jun 25 09:00 UTC] No.44421024[source]
Why discuss it here? Let's Encrypt has a shitload of corporate sponsorship. Look at their main page.
replies(1): >>44421480 #
3. udev4096 ◴[30 Jun 25 10:12 UTC] No.44421480[source]
Why not? The sponsorship they get is far from enough. For such a significant CA, it should be a lot more than that
replies(1): >>44422341 #
4. lukan ◴[30 Jun 25 10:18 UTC] No.44421507[source]
"Not sure why"

Because companies are for profit usually and any donation they make reduces that profit. That's why open source projects that can offer service contracts, have a easier time getting money from the buisness world, because this is something bookkeeping people understand in the corporate language.

5. szszrk ◴[30 Jun 25 12:18 UTC] No.44422341{3}[source]
Do you have some links to their financial reports for last years? I'd love to see that.

> Why not?

Because I believe it is "sickening" expressing how "sickening (...) it is that large companies don't support open source/free initiative" when discussing one of the projects that do global-scale operations purely on corporate and personal donations. Somehow Let's Encrypt themself don't express that sickening in their blogs and websites. They do thank their sponsors, though.

replies(1): >>44425091 #
6. eszed ◴[30 Jun 25 16:24 UTC] No.44425091{4}[source]
Hey, I was actually in this position at work a few years ago, when I set up a couple of internal (monitoring stuff) servers for my own use. I used Let's Encrypt, because I use them (for free) at home (media server), and know how it works.

I wanted to throw them some (of work's) cash, and... the only two options were "Sponsor", and "Donate". Sponsorship was, uh, wrong for my use-case: it starts at some multiple-thousands of dollars. Donating would be the obviously correct choice, but putting something marked "donation" onto a corporate card would occasion a... Weird conversation, in which "you could have got this for free, but you're choosing to send them money?" would likely have been raised. I went with free, and was sad about it.

Yes, corporate expectations and affordances around FOSS should change - and, I probably could have persuaded my employer that a few dollars a month for Let's Encrypt was the Right Thing To Do, so I'm a little bit of a coward - but LE would make it so much easier if there was a Send Us Money option that looks like a fee for service, rather than a donation. (Maybe being a 501c(3) precludes that? I don't know.)

There's the "Corporate doesn't understand FOSS" problem, but there's also a "FOSS doesn't speak Corporatese" obstacle there, too.

In the end I sent LE $20, or something, of my own money (I've had years of trouble-free use on my media server, and should have before), but they'd have had $5 / month of work's cash for years if they'd made that easier to do.

replies(2): >>44425611 #>>44440129 #
7. szszrk ◴[30 Jun 25 17:07 UTC] No.44425611{5}[source]
They are (Internet Security Research Group) a non-profit, so maybe it would be hard to provide official services like you describe?

I still can't find proper data on their financials, but at least below report (page 42) says only 10% of their revenue is donations. And 48% out of total spending is LE.

https://www.isrg.org/documents/2024-ISRG-Annual-Report.pdf

replies(1): >>44425928 #
8. Jarwain ◴[30 Jun 25 17:38 UTC] No.44425928{6}[source]
It may not even have to be an official service, just something that shows up on a CC statement as something other than a "donation".

Or hey maybe they could charge for these expiration notifications.

replies(1): >>44427409 #
9. szszrk ◴[30 Jun 25 20:21 UTC] No.44427409{7}[source]
I'm really not sure if that kind of organization can simply sell services like that. I'm guessing IRS doesn't care of that CC statement was official or not :)
10. pabs3 ◴[02 Jul 25 03:57 UTC] No.44440129{5}[source]
There is a video here where FOSS donations confuses an accountant:

https://www.youtube.com/watch?v=VTY-lQ3S1gw

You could instead frame it as a payment for your dependency on the future existence of the FOSS you are using for free.