LetsEncrypt – Expiration Notification Service Has Ended

(letsencrypt.org)

181 points zdw | 2 comments | 30 Jun 25 04:49 UTC | HN request time: 0.4s | source

Show context

scrapheap ◴[30 Jun 25 10:01 UTC] No.44421396[source]▶

>>44419496 (OP) #

This makes sense to me. You should never rely on your CA to let you know that a certificate is due to expire soon, you should have your own monitoring in place that actively checks this for you.

replies(2): >>44421753 #>>44421782 #

bo1024 ◴[30 Jun 25 11:03 UTC] No.44421782[source]▶

>>44421396 #

As a hobbyist without a lot of time for sysadmin, it would be nice if basic email monitoring was a standard package (apt install letsencrypt-monitors or something).

replies(3): >>44421841 #>>44422380 #>>44423233 #

1. jeroenhd ◴[30 Jun 25 13:48 UTC] No.44423233[source]▶

>>44421782 #

You can get pretty close to this by (1) setting up certbot and (2) configuring your system to actually send emails if cron jobs fail.

I can see the use in a tool that will scan all certificates configured in local web servers and monitors for close expiration dates, though. Not just Let's Encrypt, but also any other ACME accounts and certificate directories you may need. The biggest challenge would probably be dealing with encrypted certificate files, and after that getting email set up correctly. Nobody seems to have made it because it's so easy to script or add to a pre-existing monitoring system, so this could be a fun open source project. You probably can't use the letsencrypt brand name, though.

replies(1): >>44424941 #

2. JohnTHaller ◴[30 Jun 25 16:09 UTC] No.44424941[source]▶

>>44423233 (TP) #

Emails sent from most hosting servers won't actually get to your inbox, unfortunately.

↑