Back to Community Threads
Let's Encrypt down (not smartermail related but an FYI)
Problem reported by Dave - 5/8/2026 at 1:07 PM
Submitted
D
If anyone is having an issue with certs renewing it's not you it's them:

Happy Friday. Just lost 1/2 an hour banging my head against the desk.
HAve you got automated certificate renewal working on the server ?
D
Dave Replied
5/8/2026 at 1:26 PM
It was. Added a new client and went to get a new cert for his mail.domain.com and nothing :(
Existing certs are fine. Just an annoyance for now. 
D
Dave Replied
5/8/2026 at 2:07 PM
And they are back. :-)
John Quest Replied
5/8/2026 at 3:36 PM
Aw shucks, they came back. And here, I was hoping they were gone for good.

<Free SSL certificates is causing valid serious certificate users enormous headaches.>
Why?
Sébastien Riccio Replied
5/9/2026 at 5:03 AM
Aw shucks, they came back. And here, I was hoping they were gone for good.
Do you really want to go back when it was necessary to buy a certificate for every domain you host ? :)
Sébastien Riccio
System & Network Admin
Yes pls.
Sébastien Riccio Replied
5/9/2026 at 9:33 AM
For Banks, big companies and critical I agree, but for small businesses websites hosting and personal stuff, it was a pain to manage paid certificates. I see no advantages here.

Also the paid certificates are now limited to 199 days AFAIK and going to be limited to 47 days towards 2029... You'll then still need to rely on ACME or any other automation tool to manage them or it will be a nightmare.
Sébastien Riccio
System & Network Admin
I know. Why is a mystery to me.... 
mh Replied
5/11/2026 at 4:29 AM
"valid serious certificate users". Ok.
If you're getting a cert from LetsEncrypt, it's a valid serious certificate. And in no way affects those who choose not to.
Apparently the internet sees it otherwise.

:)

And there is definately a trust issue between paid certificate vendors like Digicert and the free ones that has no liability at all.
John Quest Replied
5/11/2026 at 8:49 AM
For Banks, big companies and critical I agree, but for small businesses websites hosting and 
personal stuff, it was a pain to manage paid certificates. I see no advantages here
The easier it is for the common Joe, the easier it is for the bad actors. Which is EXACTLY what has happened.


Also the paid certificates are now limited to 199 days AFAIK and going to be limited to 47 days towards 2029... You'll then still need to rely on ACME or any other automation tool to manage them or it will be a nightmare.
YOU have no understanding of the problem. The reason that new rules and policies and such have HAD TO BE INSTITUTED is because of the rampant and common usage of free certificates by bad actors.

Have you read into the reasoning behind those new rules?

"valid serious certificate users". Ok.
If you're getting a cert from LetsEncrypt, it's a valid serious certificate. And in no way affects those who choose not to.
You do not understand of the problems. Yes, ABSOLUTLY. The easy availability of free certificates is severally impacting legit serious certificate users, because they (me) are having to deal with new rules and policies because of the rampant and common usage of free certificates by bad actors.
Sébastien Riccio Replied
5/11/2026 at 10:53 PM
And there is definately a trust issue between paid certificate vendors like Digicert and the free ones that has no liability at all.
That really adds a trust value, yes...
Sébastien Riccio
System & Network Admin
Digicert will be liable for damages. If that happened to Let's Encrypt, they wouldnt be.

Thats the difference. This is not about security itself. This is about the easiness of getting certified.
s
sbh Replied
5/12/2026 at 3:01 AM
YOU have no understanding of the problem. The reason that new rules and policies and such have HAD TO BE INSTITUTED is because of the rampant and common usage of free certificates by bad actors.
Let's Encrypt's certificates have only ever been valid for 90 days, I'm not quite sure I see how LE caused paid certs to be shorter (rather I think it's a consequence of lax procedures at certificate authorities resulting in far too many examples of them issuing certificates for domains when they have no right to). Also I think the positive of almost all internet traffic being encrypted in transit with minimal effort/cost is far more important than reducing your workload, the bigger picture here is that SSL in and of itself is not a sign of trust - it's a necessary security feature to prevent MITM attacks and should have a low barrier of entry. 

Maybe we should go back to EV certs having an additional signifier in browsers, especially since browsers don't even show a padlock for SSL'd sites now (e.g. when IE had a bright green URL bar for EV), but LE has invariably had a positive impact on internet security and they're not the problem here.
You can faily easy do MITM on https traffic... just FYI.
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Manually Securing SmarterMail Using Let's Encrypt and Certify the WebSmarterMail > Installation and Configuration
TLS 1.0/1.1 Deprecation InformationGeneral Topics
SmarterMail, LDAP, and Active DirectorySmarterMail > Server Configuration and Management
Remote Server returned: '602' errorSmarterMail > Troubleshooting
Configure SSL/TLS to Secure SmarterMailSmarterMail > Server Configuration and Management