Email is both cheap and very not cheap. Once you hit a moderate level of scale, the bill starts to add up. At LE's scale, I imagine it costs a lot to send out that email. If the value isn't there, then personally I'd rather they focus their funds on other efforts. Personally, I was saved by one email for a cert renewal that was failing, but the majority of them are irrelevant because of my automations.
Letsencrypt don't provide a way to tell them "I'm not using this certificate any more", so they send out so many false-positive warnings that they're likely to drown out any signal.
Every time I move a service to a machine using a different letsencrypt account, or add a domain to a certificate, I get an unactionable warning email.
Like you, I was saved by this once. I had a certificate with multiple domain names [1], and decided not to renew one of the domains. That caused the certificate renewal to fail, even though I was still serving content on the other domains.
The email alerted me to this - and that alone made it worth it for me, even with all the noise. But I can understand LE's position, especially since there are other options for setting up free certificate monitoring.
[1] I didn't even realize I was doing this - it's just how certbot set things up based on my nginx configuration.
I do, for some hosts I'm to lazy to setup DNS validation and which are services which are not HTTP-based, but still use TLS/SSL (so no exposed 80/443 to the web).
It's nice to get reminded of the expiring cert and it takes me every 3 months like 5min to renew the cert for 2-3 hosts. To lazy to automate me 15mins.
I didn't even know they did this. I've always just used a little shell script and a text file with the domains I currently have active in LE. It's hard for me to imagine how they went this long given the number of certs people issue and renew for so many things. I've managed email campaign infrastructure and I could envision this costing much more. Probably less UCE complaints but probably a lot more bounces back-scatter and overall volume. It would be interesting to see their outbound email statistics.
Finally! It was annoying have to Google the poorly documented --register-unsafely-without-email every single time you needed a one off cert for something.
Email is both cheap and very not cheap. Once you hit a moderate level of scale, the bill starts to add up. At LE's scale, I imagine it costs a lot to send out that email. If the value isn't there, then personally I'd rather they focus their funds on other efforts. Personally, I was saved by one email for a cert renewal that was failing, but the majority of them are irrelevant because of my automations.
Are these emails useful to people?
Probably not.
Letsencrypt don't provide a way to tell them "I'm not using this certificate any more", so they send out so many false-positive warnings that they're likely to drown out any signal.
Every time I move a service to a machine using a different letsencrypt account, or add a domain to a certificate, I get an unactionable warning email.
Pretty sure you don't get an email if you revoke the certificate
Like you, I was saved by this once. I had a certificate with multiple domain names [1], and decided not to renew one of the domains. That caused the certificate renewal to fail, even though I was still serving content on the other domains.
The email alerted me to this - and that alone made it worth it for me, even with all the noise. But I can understand LE's position, especially since there are other options for setting up free certificate monitoring.
[1] I didn't even realize I was doing this - it's just how certbot set things up based on my nginx configuration.
As SRE, I guarantee someone somewhere is manually running certbot to get a new certificate when they get expiration email from Let's Encrypt.
I do, for some hosts I'm to lazy to setup DNS validation and which are services which are not HTTP-based, but still use TLS/SSL (so no exposed 80/443 to the web).
It's nice to get reminded of the expiring cert and it takes me every 3 months like 5min to renew the cert for 2-3 hosts. To lazy to automate me 15mins.
https://xkcd.com/1172/
I didn't even know they did this. I've always just used a little shell script and a text file with the domains I currently have active in LE. It's hard for me to imagine how they went this long given the number of certs people issue and renew for so many things. I've managed email campaign infrastructure and I could envision this costing much more. Probably less UCE complaints but probably a lot more bounces back-scatter and overall volume. It would be interesting to see their outbound email statistics.
Heh, with a six-day certificate on the road map, this change makes a lot of sense.
I'm excited to not get spurious expiration emails just because I changed the list of domains in a certificate.
Finally! It was annoying have to Google the poorly documented --register-unsafely-without-email every single time you needed a one off cert for something.
https://letsencrypt.org/docs/monitoring-options/