Since its inception, Let’s Encrypt has been sending expiration notification emails to subscribers that have provided an email address to us. We will be ending this service on June 4, 2025. The decision to end this service is the result of the following factors:
Over the past 10 years more and more of our subscribers have been able to put reliable automation into place for certificate renewal.
Providing expiration notification emails means that we have to retain millions of email addresses connected to issuance records.
I think it’s a good idea, everyone should be automating this anyway.
Providing expiration notifications costs Let’s Encrypt tens of thousands of dollars per year
Not doubting them, but I don’t understand how that’s possible.
Storing the email addresses and expiration dates takes an irrelevant amount of storage space, even if they had billions of cutomers.
Sending the emails should also not cost thousands, even if a significant amount of customers regularly let their certificates expire (which hopefull isn’t the case).
So where are the tens of thousands of yearly costs coming from?
As with all things email, they probably really wanted to make sure that the mails were delivered and thus were using a commercial MTA to ensure that.
I’d wager, even at 20 or 30 or 40k a year, that’s way less than it’d cost to host infra and have at least two if not three engineers available 24/7 to maintain critical infra.
Looking at my mail, over the years I’ve gotten a couple hundred email from them around certificates and expirations (and other things), and if you assume there’s a couple million sites using these certs, I could easily see how you’d end up in a situation where this could scale in cost very very slowly, until it’s suddenly a major drain.
If they send 2 emails per subdomain per year, that could easily be 10s of millions which would make the cost per email measured in thousandths of a cent. And I could see the number of subdomains being larger by a factor of 10, maybe more.
Another angle: someone with IT experience needs to manage the system that seems emails, and other engineers need to integrate other systems with the email reminder system. The time spent on engineering could easily add up to thousands per year, if not tens of thousands.
I’m guessing their figure is based on both running costs and engineering costs.
Transactional email services are about $15 per 10,000 emails. I’ll round down to $10 to consider b2b deals and let’s just say it’s $10,000 per year. That would be like idk 84k emails a month.
Keep in mind this doesn’t consider the DB hosting and the processing of expiring emails and salaries, so yeah, I could see it.
Not yelling, but pointing out, to people who also dont math, that if we assume $10 per 10k emails (or $1 per 1k, for simpler math), that’d be $84 for 84000 emails in a month, so you need to add another 0 to the figure (ie 840k emails in a month)
Not doubting them, but I don’t understand how that’s possible.
Storing the email addresses and expiration dates takes an irrelevant amount of storage space, even if they had billions of cutomers.
Sending the emails should also not cost thousands, even if a significant amount of customers regularly let their certificates expire (which hopefull isn’t the case).
So where are the tens of thousands of yearly costs coming from?
As with all things email, they probably really wanted to make sure that the mails were delivered and thus were using a commercial MTA to ensure that.
I’d wager, even at 20 or 30 or 40k a year, that’s way less than it’d cost to host infra and have at least two if not three engineers available 24/7 to maintain critical infra.
Looking at my mail, over the years I’ve gotten a couple hundred email from them around certificates and expirations (and other things), and if you assume there’s a couple million sites using these certs, I could easily see how you’d end up in a situation where this could scale in cost very very slowly, until it’s suddenly a major drain.
If they send 2 emails per subdomain per year, that could easily be 10s of millions which would make the cost per email measured in thousandths of a cent. And I could see the number of subdomains being larger by a factor of 10, maybe more.
Another angle: someone with IT experience needs to manage the system that seems emails, and other engineers need to integrate other systems with the email reminder system. The time spent on engineering could easily add up to thousands per year, if not tens of thousands.
I’m guessing their figure is based on both running costs and engineering costs.
According to their stats page, Let’s Encrypt’s certificates are used by around 500M domains.
Transactional email services are about $15 per 10,000 emails. I’ll round down to $10 to consider b2b deals and let’s just say it’s $10,000 per year. That would be like idk 84k emails a month.
Keep in mind this doesn’t consider the DB hosting and the processing of expiring emails and salaries, so yeah, I could see it.
Edit: before anyone yells at me. I can’t math.
Not yelling, but pointing out, to people who also dont math, that if we assume $10 per 10k emails (or $1 per 1k, for simpler math), that’d be $84 for 84000 emails in a month, so you need to add another 0 to the figure (ie 840k emails in a month)
I just realized I have no idea who pays for Let’s Encrypt. I just run the server commands, automate it, and move on.
Let’s Encrypt is run by a non-profit (Internet Security Research Group), they list their major sponsors and funders on their website.
Notable mention of Mozilla being a Platinum sponsor.