Letsencrypt renewal emails

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
1,937
Location
London UK
I do not see the reason for these renewal emails at all, seeing DA renews automatic....... I know email WAS sent to the user account, but now, it's sent to the resellers..... I just don't see the point in them, especially to resellers.

NOTE: Yes, I know you can't opt-out fom LE's own emails, but why DID DA change the email to the reseller's
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,453
Location
Maastricht
I just don't see the point in them, especially to resellers.
I guess the reason that DA change the email to the resellers is, because admin's don't need to be bothered by something which is not for their customers. If a reseller's customer has an issue updating letsencrypt, the reseller should know about it at first, not admin.
If really there is something wrong with the system, it's the reseller who should contact admin, not the customer.

I'm not sure if that's the reason why, but this seems a most appropriate and logic reason for it. I like it this way.
 

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
1,937
Location
London UK
because admin's don't need to be bothered by something which is not for their customers. If a reseller's customer has an issue updating letsencrypt, the reseller should know about it at first, not admin.
I mean renewals, not issues of errors with renewals, which DA does internally.....

Looks like you can opt-out providing an email to letsencrypt https://letsencrypt.org/docs/expiration-emails/ ? I just do not see the point providing an email at creation.. It isn't even needed for certificates.. I didn't even get an email about the flaw they had, so what are they doing with these email addresses?!
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,453
Location
Maastricht
Looks like you can opt-out providing an email to letsencrypt https://letsencrypt.org/docs/expiration-emails/ ? I just do not see the point providing an email at creation.. It isn't even needed for certificates..
As far as I remember only admin emails are used for this nowadays for this (if it even is still used). They changed that a while ago to not bother users with these things.
I've got a memory error about this at the moment. The only thing I know is that I get a mail about a couple of domains I created in the beginning when DA first started using Letsencrypt. I seldom get mails about renewals or creation from LE. I get them from DA if I'm correct.

I don't know what LE is doing with these addresses, maybe only for what it says. Providing you with a mail when a certificate is coming to expiration and when you have double certificates.
So it's kind of a service. And it saved me already twice when DA did not renew my certificates automatically I got an email from LE that they were about to expire.
And there you go... users don't understand what to do, so they will complaint anyway or just do nothing while they should do something, hence the move from them to resellers.
There's a topic about this somewhere on the forums here where this move was discussed, just can't find it that quickly, and to be fair... I'm also not going to search further for it, but you might if you want.
 

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
1,937
Location
London UK
I know I go on, but another thing I have issues with... If a client moves their domain away and doesn't delete it from DA, the renewal procedure keeps trying every day, and failure emails get sent...

Can't the script check if the domain is set to the server nameservers, or the A record is set to the correct IP, if not, disable renewal tries?
 

ikkeben

Verified User
Joined
May 22, 2014
Messages
813
Location
Netherlands Germany
I know I go on, but another thing I have issues with... If a client moves their domain away and doesn't delete it from DA, the renewal procedure keeps trying every day, and failure emails get sent...

Can't the script check if the domain is set to the server nameservers, or the A record is set to the correct IP, if not, disable renewal tries?
Yup i had that to, but ok it is to remember to first do disable ssl / letsencrypt for that domain , and then asking client yes or no delete stuff.
Yes i did get emails from letsencrypt for that one.

So yup better not to have trying renewals then , but also then still receive a email with: that because of that reason renewal is not possible?
 

Zhenyapan

Verified User
Joined
Feb 23, 2018
Messages
462
Location
UA
I know I go on, but another thing I have issues with... If a client moves their domain away and doesn't delete it from DA, the renewal procedure keeps trying every day, and failure emails get sent...

Can't the script check if the domain is set to the server nameservers, or the A record is set to the correct IP, if not, disable renewal tries?
You can configure max retries limit
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,453
Location
Maastricht
Can't the script check if the domain is set to the server nameservers, or the A record is set to the correct IP, if not, disable renewal tries?
I use local nameserververs, also for resolving. So as long as DA seens the domain present on the current server, it will try to renew several times. Best is if a user moves, to also delete that account from the server. So I wouldn't know how the script has to discover if a domain is active or not because some domains also use external nameservers.

However, as you can see, there is an other option which @Zhenyapan gave so you won't get that much notices.
And ofcourse you can always disable renewal attempts on account level after you got the first failed message.
 
Top