Add serial number to expiration notices, add local history of certificates to certbot

Hey Letsencrypt!

It would be nice to add the serial number of the expiring certificate to your expiration notice emails.
Just to give users the possibility to check if the notice is actually talking about the currently active certificate.
It would also be great if certbot could save a short history locally of used certificates to make those notices more transparent.

Kind regards,
Volker

Certbot stores all previously issued certificates (and the current one, by the way) in the /etc/letsencrypt/archive/ directory, so you could easily search for certain stuff in there. E.g., should LE add serials to the expiration emails (I think this has been asked before), you might do:

find /etc/letsencrypt/archive/ -type f -iname "cert*" -printf "%p: " -exec openssl x509 -noout -serial -in {} \; | grep -i $(echo 01:23:45:67:89:0a:bc:de:f1:12:34:56:78:90:ab:cd:ef:01 | sed 's/://g')

to find a certain certificate. (Note that the whole $(echo | sed) part is just to get rid of the colons when I copy/pasted a certain [redacted] serial number from crt.sh to test things out. If you have a serial number without colons, you can just use it directly as the grep argument.)

For any Certbot-related feature requests I'd like to refer you to the GitHub repository to open a feature request there: Issues · certbot/certbot · GitHub. Currently, however, the Certbot team is very tiny and doesn't have much time, so big things like adding a feature to search for current or previous certificates might not be implemented for quite some time, if ever.

5 Likes
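
A stricter variant of the search in the reply above, as an added example that is not part of the original thread or of Certbot: it compares the whole serial exactly instead of using a substring grep, and prints each match's expiry date so it can be checked against the notice. The function names are made up for this example; the default directory is the archive path named in the reply.

```shell
#!/bin/sh
# Added example: locate a certificate in Certbot's archive by exact serial.
# normalize_serial and find_cert_by_serial are hypothetical helper names.

# Reduce a serial to the form `openssl x509 -serial` prints after "serial=":
# uppercase hex, no colons or whitespace (so crt.sh-style input also works).
normalize_serial() {
    printf '%s' "$1" | sed 's/^[Ss]erial=//' | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# find_cert_by_serial SERIAL [DIR]
# Prints "path<TAB>notAfter" for every cert*.pem under DIR whose serial is
# exactly SERIAL. Returns 0 on a match, 1 on none, 2 on an empty serial.
# Assumes file names without newlines, which holds for certN.pem files.
find_cert_by_serial() {
    want=$(normalize_serial "$1")
    dir=${2:-/etc/letsencrypt/archive}
    [ -n "$want" ] || return 2
    matches=$(
        find "$dir" -type f -name 'cert*.pem' | while IFS= read -r f; do
            # Skip files that are unreadable or not valid certificates.
            have=$(openssl x509 -noout -serial -in "$f" 2>/dev/null) || continue
            [ "$(normalize_serial "$have")" = "$want" ] || continue
            end=$(openssl x509 -noout -enddate -in "$f" | cut -d= -f2)
            printf '%s\t%s\n' "$f" "$end"
        done
    )
    [ -n "$matches" ] || return 1
    printf '%s\n' "$matches"
}

# Run as a script: ./find-serial.sh 01:23:... [/etc/letsencrypt/archive]
if [ "$#" -gt 0 ]; then
    find_cert_by_serial "$@"
fi
```

Comparing the matching path with the target of the `cert.pem` symlink under /etc/letsencrypt/live/ shows whether the serial belongs to the certificate currently in use or to an older one.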
