Why didn’t your “ACTION REQUIRED: Renew these Let’s Encrypt certificates by March 4” email also tell us which domains were already renewed and not affected by this bug? You are making extra work for us all!
If you list the newest unaffected cert as well as the effected ones… — then I will know I am all set… since I know how my domains are used. Your email is creating unnecessary work millions of domains you can and should do better.
This is definitely something we wanted to do, but we were faced with a tradeoff: Spend the extra time doing the analysis of which certificates are currently live on each site, or get the notifications out as soon as possible.
We actually did start doing that analysis, but concluded getting the notifications out sooner was more important than further trimming the list. Definitely sorry for the extra work it has caused.
Emphasising on this part: why for the love of IPU, why?
Let’s Encrypt is a free of charge publically accepted CA. They don’t owe you anything. The fact they send you an email is very courteous. They could have forgo with that e-mail and just post it on their website. But they didn’t. They send you an e-mail. You should be grateful.
I have to say, I disagree with this sentiment. We owe a lot to our subscribers. For one thing, as a trusted provider of important services on the Internet, we owe them quality service, clear and transparent communication in as timely a manner as we can make it, and an explanation when things go wrong. We will always try our best to provide all of those things. Sometimes we’ll fall short, and we’ll use those opportunities to improve our processes and do better next time.