Expiration email

Dear sir,
I am a new member, I have not received certificate expiration mail on registered email id. Kindly guide me how to update email id or activate email id so that i could received expiration mails before certificate expired.
Thanks in advance

1 Like

Welcome to the Let's Encrypt Community :slightly_smiling_face:

You need to register an email address for your Let's Encrypt ACME account in order to receive certificate expiration notices. This is usually accomplished when you first register your ACME account with your ACME client software (e.g. certbot), but can be done later. How did you get your certificates?

1 Like

at the time of first register my ACME account i registered my email id and i was receiving the emails initially but stop receiving emails don't know why? How can i again register email or may i update the email id for receiving expiration emails. please help.

guys please help me. It's not possible to me to track around 100+ websites for certificate renewal. I am not receiving the expiration notification emails. Please give solution

Hi @saras

may be you have renewed all certificates early enough.

If you have a working configuration, no mail is sent.

What's one of your affected domain names?

2 Likes

Well, the expiration e-mails are just an extra service from Let's Encrypt. I believe most people using Let's Encrypt in such a large system would urge you to invest in such an (automated) certificate tracking system. Also, Let's Encrypt urges you to automate renewals and to renew 30 days before expiry. The expiration e-mails are only send (I believe) 14 days before expiry, so you should have renewed already by that time (if you adhere to the recommendations from Let's Encrypt that is).

In any case, there's not a reason to believe Let's Encrypt themselves have disabled sending you expiry e-mails, but perhaps you clicked on the link at the bottom of these e-mails to unsubscribe? If that's the case, only clicking the unsubscribe link once will disable sending all expiry e-mails to that e-mail address.

Currently, the only solution to fixing the above mentioned unsubscribing is to update your Let's Encrypt ACME account with a different e-mail address. See for more info the documentation about the expiry e-mails: Expiration Emails - Let's Encrypt - Free SSL/TLS Certificates

1 Like

many certificates expired but i have not received any expiration emails then either user or website owner report then only i know that certificate has expired.
In case unsubscribe link was used is there any way to re register or update the email id for expiration emails.
certbot-auto register --update-registration --email new_email@example.com
I tried this cmd but getting error
Unofficial certbot-auto version detected, self-upgrade is disabled: 1.9.0.dev0
Please help how to solve it.
Thanks

it means that i have to re configure certbot setup to auto renewal of certificates and registration of email id for expiration emails.

Yes, the best option is an external monitoring system.

This is an example one built by a community member here

https://letsmonitor.org/

Here is a list of other tools that do this:

Also, many of these open source tools could do this for you if you install them on a server:

Let's Encrypt's expiry notifications are not as well-maintained as the underlying certificate authority—the team behind Let's Encrypt spends much less effort on the expiry e-mails compared to most other parts of the system. There's no reason that you need to specifically rely on this as part of your workflow when there are so many other tools out there, most of which can be better customized for your specific needs.

Notably, Let's Encrypt expiry notifications don't try to check whether an expiring certificate is in use or not, whereas other monitoring tools will actually connect to your service to make sure that the certificates you actually use have been replaced with updated versions before they expire.

2 Likes