Mark Clowes (38M 🇬🇧)

Index - Let's Encrypt Certificate Expiry Notification

Let's Encrypt announced recently that they will no longer send out e-mails notifying you of a certificate issued to you that is about to expire. This would be either because you have chosen to let it expire, or the renewal automation has failed. Certificates last 90 days and are typically renewed at 60 days.

In place of this, for a Debian-lineage system and presuming you have cron mail working, this crontab entry can be a suitable simple replacement:

00 12 * * * find /etc/letsencrypt/live -name "*.pem" -mtime +65

This will check every day at 12 noon for live certificates that are at least 65 days old. I use the nullmailer package with the free tier of smtp2go.com using this configuration to receive system mail:

/etc/nullmailer # tail -n +1 *
==> adminaddr <==
my-email-address@example.com

==> allmailfrom <==
ov2410ua@notify.clow.es

==> defaultdomain <==
notify.clow.es

==> remotes <==
mail.smtp2go.com smtp starttls --port=2525 --user=smtp2go-username --pass=smtp2go-password