Disable expiration emails for updated certificates

We’ve noticed that when we use certbot to update the domains of a certificate (e.g. using the --expand flag) Let’s Encrypt will still send expiration emails for the old certificate. This matches what is said in the docs:

If your certificate is already renewed, we won’t send an expiry notice. We consider a certificate to be renewed if there is a newer certificate with the exact same set of names, regardless of which account created it. If you’ve issued a new certificate that adds or removes a name relative to your old certificate, you will get expiration email about your old certificate.

Is there any way to prevent the expiration email for the old certificate from being sent?

Would there be any negative effects if we just provided Let’s Encrypt a dummy email when generating the certificate? Or is there a way to disable expiration emails altogether?

Kinda. If you revoke every unexpired certificate for the unexpanded version, you shouldn’t get any messages about it. But this is super hacky and probably a bit impolite to Let’s Encrypt’s server resources.

You do not have to provide an email address when registering an ACME account. With Certbot, this is with --register-unsafely-without-email. With other ACME clients, it will vary.

And of course, you can hit the unsubscribe link in any of those emails, to completely unsubscribe your email address from any emails from the expiry bot.

1 Like