Certificate expirey emails (where are they sent from?)

Does Letsencrypt still send out cert expiry emails? The last one I got was in February - I did not get one lately and noticed my cert had expired. They previously seem to come from:

mandrillapp.com (The Rocket Science Group)
198.2.186.0/24

Which I believe is ultimately MailChimp?

If they are still being sent, my router's IP blocking list (which is used by my mail server) would have blocked it.

If they are now coming from some other mail provider, can someone please tell me who they are, or (better) what the general IP address block they are sent out from?

At this time we're still using Mandrill to send emails.

There was recently a few issues where we haven't kept up with sending emails, see some more information here: Revert "Allow expiration mailer to work in parallel" by aarongable · Pull Request #6080 · letsencrypt/boulder · GitHub

3 Likes

Just want to add that I too failed to receive expiration notifications for two different certs. I really appreciate these. Please get this working.

We are continuing to work on improving the reliability of expiry notifications.

EG, expiration-mailer: avoid re-examining certificates by jsha · Pull Request #6100 · letsencrypt/boulder · GitHub

I would suggest that the best thing to do is have automation which renews your certificates for you and doesn't rely on expiry emails, but of course we will continue working on making them as reliable as they can be.

3 Likes

Since last 2 years, one of my certs got renewed automatically, but this time i got a mail saying it is going to expire in 11 days, what could be the possible cause for not getting renewed automatically. Other certs from the same AKS cluster are getting renewed as per its schedule.