June 2025 change · Action required

Let's Encrypt Stopped Expiration Emails — Here's the Alternative

Q: Why did Let's Encrypt stop sending expiration emails?

Let's Encrypt's announcement cites four reasons: most subscribers now use reliable renewal automation; sending email requires retaining email addresses tied to issuance records, which they would prefer not to do; sending tens of millions of emails per year has measurable operational cost; and removing the service simplifies the issuance infrastructure so engineering effort can go into reliability and new features.

Q: How quickly can I replace the Let's Encrypt email alerts?

Roughly five minutes. Open the Telegram bot, send /remind domain.com 30 for each domain to add it and schedule a reminder, then add shorter windows. Most users finish a small portfolio (under 20 domains) inside a single coffee break.

On June 4, 2025 Let's Encrypt ended its certificate expiration notification email service. Replace the alerts in five minutes with Certimon — free Telegram SSL reminders for unlimited domains.

Open Telegram Bot Jump to Migration Steps

What changed in June 2025

On January 22, 2025, Let's Encrypt announced it was ending the expiration notification email service. The service stopped on June 4, 2025. Subscribers who relied on those emails as their last line of defence against expired certificates no longer receive any warning.

Let's Encrypt's stated reasons: most subscribers already use reliable renewal automation; sending email requires retaining the email addresses tied to issuance records (which they would prefer to drop for privacy); sending tens of millions of emails a year has real operational cost; and removing the service simplifies the issuance pipeline so engineering can focus on reliability and new features.

The risk: renewal automation can and does silently fail — DNS changes, ACME rate limits, expired account keys, broken cron jobs, hosting migrations, firewall rules blocking the HTTP-01 challenge. Without an external monitor you only find out when the browser shows NET::ERR_CERT_DATE_INVALID to a customer.

Sources: Let's Encrypt — Ending Support for Expiration Notification Emails, Let's Encrypt docs — Expiration Emails.

Why a dedicated monitor beats the old email alerts

Even before the change, the email service had real gaps. A monitor that runs an actual TLS handshake against your domain catches failures the old workflow could not.

Checks the live certificate

Certimon performs a TLS handshake against your hostname. If the deployed certificate differs from what was issued — wrong file path, missing reload, stale cache — you still get an alert.

Multiple reminder windows

30 days, 7 days, 1 day — set whatever fits your renewal SLA. The old email service sent at fixed offsets you could not tune.

Lands where you already work

Telegram, not a shared inbox no one reads. Reminders show up in the same channel as the rest of your operational alerts.

Migration: replace the email alerts in 5 minutes

A step-by-step path from the discontinued Let's Encrypt notifications to working Telegram reminders.

1

List the domains that used Let's Encrypt email alerts

Make a list of every domain whose certificates were tied to a Let's Encrypt subscriber email. Include subdomains, staging hosts, and any internal services you renew with ACME. If you are not sure, grep your Certbot configuration: grep -r "email" /etc/letsencrypt/.
2

Open the Certimon Telegram bot

In Telegram open @CertimonBot and press Start. There is no signup, no credit card, no email confirmation.
3
Add each domain and set the first reminder

For every domain on your list, send a /remind command. Certimon adds the domain, performs a TLS check, and schedules the reminder window in one step:
```
/remind example.com 30
/remind www.example.com 30
/remind api.example.com 30
```
Use /check example.com any time for an instant on-demand SSL inspection.
4
Add the shorter reminder windows

Layer additional reminders so a single missed message doesn't lose you the warning. A common setup:
```
/remind example.com 7
/remind example.com 1
```
Adjust per domain — a marketing site might only need 30 and 7; a checkout endpoint should also have 1.
5

Verify and decommission the old workflow

Run /domains and confirm every domain from step 1 is in the list. Once you see your first reminder land in Telegram, you can update the runbook and stop relying on the discontinued Let's Encrypt expiration emails.

Old Let's Encrypt emails vs Certimon

Capability	Let's Encrypt expiration emails (pre June 2025)	Certimon
Status today	Discontinued June 4, 2025	Active and free
Detection method	Issuance record (didn't see deployment failures)	Live TLS handshake on your hostname
Reminder windows	Fixed offsets (20 / 10 / 1 days)	Configurable per domain
Delivery channel	Email inbox	Telegram (where ops alerts live)
Works with non-Let's Encrypt CAs	No	Yes — any CA
Domain count	Tied to subscriber email	Unlimited
Cost	Free (no longer offered)	Free

FAQ — replacing Let's Encrypt expiration emails

Did Let's Encrypt really stop sending expiration emails?

Yes. Let's Encrypt announced on January 22, 2025 that the expiration notification email service would end on June 4, 2025. Subscribers no longer receive certificate expiry warnings by email.

Why did Let's Encrypt stop sending expiration emails?

Their announcement cites four reasons: most subscribers already use reliable renewal automation; sending email requires retaining email addresses tied to issuance records, which they would prefer to drop; sending tens of millions of emails per year has measurable operational cost; and removing the service simplifies the issuance infrastructure so engineering effort can focus on reliability and new features.

What is the best alternative to Let's Encrypt expiration emails?

A dedicated certificate monitor such as Certimon. It checks the live certificate served by your hostname (not just the issuance record), supports unlimited domains for free, and sends reminders to Telegram on configurable schedules so the alert lands where your team already responds to incidents.

Will my Let's Encrypt certificates still renew without the email alerts?

Yes. The email service was a notification, not a renewal. Certbot, other ACME clients, hosting-provider integrations, and Kubernetes cert-manager continue to renew certificates exactly as before. The risk is that you no longer get a warning if renewal silently fails.

Does Certimon work with Let's Encrypt and other certificate authorities?

Yes. Certimon performs a TLS handshake against your domain, so it works with certificates from any CA — Let's Encrypt, ZeroSSL, Cloudflare, DigiCert, Sectigo, GoDaddy, internal corporate CAs, and more.

Is there a free replacement for Let's Encrypt expiration emails?

Yes. Certimon is free for unlimited domains and unlimited reminders. There is no paid tier required to monitor Let's Encrypt certificates.

How quickly can I replace the Let's Encrypt email alerts?

Roughly five minutes. Open the Telegram bot, send /remind domain.com 30 for each domain to add it and schedule a reminder, then add shorter windows. Most users finish a small portfolio (under 20 domains) inside a single coffee break.

Related guides

Let's Encrypt expiry bot alternative

Replacing expiry.letsencrypt.org and the old expiry-bot workflow.

Check SSL certificate expiration date

Quick SSL check methods: openssl, browser, and Certimon.

Replace the Let's Encrypt email alerts now

Five minutes of setup, free forever, alerts in Telegram before any certificate goes red.

Start free monitoring