Adapt to Let's Encrypt new policy

[ctm]

Read the information below and do something to prevent us from being surprised in the future.

FWIW, we currently update our certificates via cron and that "always" (ha!) works. I think it's basically worked every time since I added it… until I upgraded our server at which point I think I somehow botched the configuration and IIRC, we got a warning from Let's Encrypt that our certificates would expire. With that warning, I was able to fix the problem before anything happened.

So, I think we probably want to use Red Sift Certificates Lite to make sure we don't get surprised in the future. It probably also make sense to investigate Automatic Renewal Information, since it might be less prone to surprises after a server upgrade than our crontab based solution.

I'm labeling this high priority, but a solution within the next few weeks is fine.

Hi,

As a Let’s Encrypt Subscriber, you benefit from access to free, automated TLS certificates. One way we have supported Subscribers is by sending expiration notification emails when it’s time to renew a certificate.

We’re writing to inform you that we intend to discontinue sending expiration notification emails. You can learn more in this blog post. You will receive this reminder email again in the coming months:

https://letsencrypt.org/2025/01/22/Ending-Expiration-Emails

Here are some actions you can take today:

Automate with an ACME Client that supports Automated Renewal Information (ARI). ARI enables us to automatically renew your certificates ahead of schedule should the need arise:

https://letsencrypt.org/2024/04/25/guide-to-integrating-ari-into-existing-acme-clients

Sign up for a third-party monitoring service that may provide expiration emails. We can recommend Red Sift Certificates Lite, which provides free expiration emails for up to 250 active certificates:

https://redsift.com/pulse-platform/certificates

Opt in to emails. While we are deprecating expiration notification emails, you can opt in to continue to receive other emails. We’ll keep you informed about technical updates, and other news about Let’s Encrypt and our parent nonprofit, ISRG, based on the preferences you choose:

https://letsencrypt.org/opt-in/

In accordance with this change, we are updating our Subscriber Agreement, effective 24 February 2025. This is the agreement that governs the relationship between you and ISRG with regards to your acquisition and use of SSL/TLS digital certificates issued by ISRG (via Let's Encrypt). You don't need to take any action to continue to use the Let's Encrypt service but we encourage you to review the new agreement. You can find the latest agreement (v1.5) here:

https://letsencrypt.org/repository/

If you are receiving this email in error, unsubscribe at:
http://delivery.letsencrypt.org/track/unsub.php?u=30850198&id=2fe8a9cf2c5c4b248809ef20cb084c82.mRdDCE3aBGKq7IRb5bljq6mhpV8%3D&r=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Dc%252A%252A%252A%252A%2540g%252A%252A%252A%252A.%252A%252A%252A

All the best,
Let’s Encrypt