Since its inception, Let’s Encrypt has been sending expiration notification emails to subscribers that have provided an email address to us. We will be ending this service on June 4, 2025. The decision to end this service is the result of the following factors:
Over the past 10 years more and more of our subscribers have been able to put reliable automation into place for certificate renewal.
Providing expiration notification emails means that we have to retain millions of email addresses connected to issuance records.
I think it’s a good idea, everyone should be automating this anyway.
My server does it automatically, but I have few services I can’t make to read the certs from server storage, so I have to manually copy cert content. Especially Adguard Home for some reason refuses to read my certs.
Whole path has to be accessible, not just the file itself. All dirs above the file need to have the executable bit set that affects the user accessing the file.
I just wish I wouldn’t have to renew certs so often.
If Apple gets their way, you’ll be renewing every month:
https://certera.com/blog/apples-proposal-to-shorten-ssl-tls-certificate-lifespans-to-45-days-by-2027/
Fuck Apple and Microshit
You’re not supposed to do it manually.
Tell that to all the embedded device manufacturers… switches, appliances, nas, etc.
There’s a whole load of things that will have a massive administrative burden if the frequency is dropped.
Skill issue.
My server does it automatically, but I have few services I can’t make to read the certs from server storage, so I have to manually copy cert content. Especially Adguard Home for some reason refuses to read my certs.
You could use a reverse proxy to terminate tls, and take the tls off of ad guard itself.
Have the same problem. But symlinks or copying them via cron solved it for me.
Yes! yes | cp -Lrf /etc/letsencrypt/live/…domain…/*.pem /var/snap/adguard-home/current
Have you tried to automate it?
Fullchain.pem works. Privkey doesn’t. I’ve tried chmod 777 (yes, I know, just testing) and still can’t access the file.
Whole path has to be accessible, not just the file itself. All dirs above the file need to have the executable bit set that affects the user accessing the file.
I know, but for some reason Adguard can read the fullchain, not privkey. Now it works.