1. 9

  2. 3

    This “service” just sends you an email with a calendar event on the day your cert expires. I’m not sure how useful that is. For someone with an already-packed inbox and calendar, I don’t need another thing to have to go and manually check up on.

    If we assume that everyone is using automated certificate generating and signing, then I think it would make more sense if this service checked for certificates past a certain age (or a certain number of days before expiration) and emailed only on erroneous conditions. For example, I rotate my certs every 60 days but the certs are valid for 90 days. I would like to get an email for any cert still active at 65 days old, for example.

    Actually, I think LE might already do this to some extent.

    1. 2

      I’m not sure why you quote the word service. It’s a service with a reasonable fee for a reasonable price. If I dabbled writing this, I’d have a hard time saving money if my time was paid for years.

      If the model doesn’t fit, you could reasonably quick write probe for your favourite monitoring service if you missed one (I know people that have a nagios probe for all their services and all their third-party services). But this assumes you have a monitoring service at hand.

      This is a classic service that makes sense in a small- to midrange setting, possibly in areas where you don’t have full control.

      1. 1

        Yeah they email you within a window of expiry, and then every few days until expiry.

        Also, LE’s certbot now sets up a cronjob for you.

        1. 1

          With Let’s Encrypt, I get emails from them a few days out for certs that are going to expire. It’s helpful because if you set up automation to renew every 30 days (for example), then you really only get those emails from LE when the automation has broken for some reason.