TLS/SSL certificates are essential for securing web communications by encrypting the data exchanged between clients and servers. The rise of Let’s Encrypt—offering free, automated certificates—has made it easier for organizations of all sizes to secure their websites and services without added costs.

However, a recent change by Let’s Encrypt has significantly impacted the day-to-day operations of thousands of system administrators and infrastructure teams: the end of expiration notification emails for certificates.

What is Let’s Encrypt and How Does Certificate Issuance Work?

Let’s Encrypt is a certificate authority that provides free TLS certificates through an automated process. Its success is based on a few key principles:

  • Automation: Certificates are issued and renewed using tools like Certbot, which are integrated into servers and platforms.
  • Short validity period:Certificates are valid for 90 days, encouraging frequent renewals and helping maintain up-to-date security.
  • Validation process:To issue a certificate, domain ownership is verified—typically via DNS or HTTP challenge methods.

Using these certificates in combination with automation makes it easier to secure multiple websites and services while reducing operational workload.

Changes to Let’s Encrypt’s Notification Policies

Until recently, platforms and tools managing Let’s Encrypt certificates sent expiration alerts—notifications that allowed administrators to renew certificates before they expired.

However, in 2023/2024, Let’s Encrypt announced it would discontinue these notification emails to cut costs and improve infrastructure scalability. As a result, administrators and platforms that relied on these alerts must now implement their own monitoring, renewal, and certificate management mechanisms.
This change has several implications:

  • Manual certificate management becomes more error-prone.
  • Automation is now essential for maintaining secure systems.
  • Organizations must adopt dedicated monitoring and auto-renewal solutions.

The Role of DNS Providers in Automatic Renewal

To address this new scenario, Let’s Encrypt recommends using automation tools or DNS providers that support automatic certificate validation and renewal. This is done through a mechanism known as DNS-01 challenge, where domain ownership is proven by creating temporary DNS records.

Many DNS providers now offer integrations that allow automatic certificate renewals, enabling:

  • Renew certificates without manual intervention
  • Trigger internal or external alerts when a renewal fails
  • Manage Wildcard certificates, protecting multiple subdomains with a single certificate

Let’s Encrypt maintains a public list of compatible DNS providers compatible with this functionality, and it is up to each organization to choose a solution that guarantees continuity and security.

SKUDONET: Centralized Certificate Management with Let’s Encrypt

SKUDONET natively integrates Let’s Encrypt certificate management into its platform, offering automated renewals, DNS-based validation, and support for Wildcard certificates—all from a centralized, user-friendly interface.

This means our users no longer need to rely on manual tasks, external scripts, or email reminders to keep certificates valid.

Key features of SKUDONET’s SSL module include:

  • Built-in Let’s Encrypt integration: Issue and renew certificates automatically from within the platform—no additional configuration required by the user.
  • Auto-renewal flag: When the auto-renewal option is enabled, the system will renew certificates automatically before they expire, seamlessly and without user intervention.
    Auto renewal flag for Let’s Encrypt Certificate Management
  • Support for 7 DNS providers, including Cloudflare, AWS Route 53, Google, Infoblox, acme-dns, Azure DNS, and, since version 10.0.10, Infomaniak.
    DNS providers for Let’s Encrypt Certificate Management
  • Easily add new DNS providers:Our architecture is designed to be flexible. We can quickly add support for new DNS providers without service interruptions, based on user demand.
  • Wildcard certificate support: Using DNS validation, SKUDONET allows issuance of certificates like *.yourdomain.com, securing all subdomains with a single certificate.

Community vs. Enterprise Edition: Certificate Management Capabilities

Both editions support Let’s Encrypt integration, but their capabilities differ significantly in terms of automation and management:

  • Community Edition: Allows manual issuance of Let’s Encrypt certificates. Suitable for simpler environments or a small number of domains. Does not support auto-renewal, DNS provider integration, or Wildcard certificates.
  • Enterprise Edition: Built for demanding environments, it includes a full-featured certificate management module: automated renewals, Wildcard support, DNS provider integration, and centralized web-based management.

These differences make the Enterprise Edition the recommended choice for organizations managing multiple domains or requiring high availability.

Let’s Encrypt’s decision to stop sending expiration reminders poses a challenge—especially for enterprise environments managing numerous domains and subdomains. With the rapid growth of digital services, infrastructure teams can no longer rely on manual tracking of certificate expirations.

Automation and centralized management are now essential to reduce risk and boost operational efficiency.

Try SKUDONET Enterprise Edition free for 30 days and discover a scalable, secure, all-in-one solution with centralized certificate management, load balancing, and advanced security features.