- Let’s Encrypt will halt certificate expiration emails from June 2025
- It says most users have automated renewals anyway
- Move will also see organization will delete millions of email addresses from its database
Let’s Encrypt has revealed it will no longer notify website administrators when their SSL/TLS certificates are about to expire. While this sounds like trouble – it actually seems to be a good thing.
The news was confirmed by the company’s executive director and co-founder, Josh Aas, in a blog post noting email notifications will stop going out on June 4, 2025, citing four key reasons. The first one is that a growing majority of subscribers have automated certificate renewal, reliably, rendering the service somewhat obsolete.
The second reason is to cut down on costs – providing expiration notifications costs the organization “tens of thousands of dollars per year,” Aas said, adding that the money could be better spent elsewhere.
Protecting user privacy
“Providing expiration notifications adds complexity to our infrastructure, which takes time and attention to manage and increases the likelihood of mistakes being made,” he said in the article. “Over the long term, particularly as we add support for new service components, we need to manage overall complexity by phasing out system components that can no longer be justified.”
However, the fourth reason is particularly interesting, since it essentially protects user privacy. Sending out email notifications also means that the organization needs to retain millions of email addresses connected to issuance records. “As an organization that values privacy, removing this requirement is important to us.”
In other words, Let’s Encrypt will delete millions of email addresses from its database, reducing the risk of those emails being snatched by a threat actor.
For those who would like to continue getting email notifications, Let’s Encrypt suggests using a third-party service such as Red Sift Certificates Lite, which is free for up to 250 certificates.
Let’s Encrypt is a free, automated, and open certificate authority (CA) that provides SSL/TLS certificates to websites. It helps encrypt web traffic, ensuring secure connections between users and websites (HTTPS).
Leave a comment