jsoref
commented
7 years ago Adding the word "expiring" to this ticket because I searched for that keyword...
Open cpu opened 7 years ago
jsoref
commented
7 years ago Adding the word "expiring" to this ticket because I searched for that keyword...
jsoref
commented
7 years ago So, there are three granularities afaict:
Afaiu, currently boulder fills in a template: to:$subscriber_email
cert for $domain is expiring
[suffix provided by provider]
I'm pretty sure (at the cost of managing subscriptions in boulder), an extra url could be dumped into the template which allows tuning the subscription for subscriber_email/domain/certificate...
jsha
commented
7 years ago at the cost of managing subscriptions in boulder
Yep, this is the key blocker. :-) Right now we use our email provider's built-in unsubscribe functionality, which is less than ideal because it doesn't allow this type of granularity. We can move this into Boulder but it's a significant chunk of work.
ppKrauss
commented
7 years ago Thanks @cpu, it is an important issue!
The simplest solution to the main problem is to offer, into the body of the email, a link (an URL) to unsubscribing on per-certificate basis.
PS: as "secret link" it can use some hash (ex. SHA256 of certificate-ID, time and user credentials), or a check-mail-number form... As strategy to avoid malicious unsubscription.
ppKrauss
commented
7 years ago It is my personal vision, please, to avoid confusion see as parallel discussion ;-)
The "certbot system" (Certbot+Boulder) do all. Certbot-client do the certificates and the communication with Boulder-server (it is a webservice working for certbot clients), Bounder send e-mails.
We can't isolate "only certbot bugs" from "only Bounder bugs", it is an error to ignore the "system-level" problems, the coupling between Certbot and Bounder projects.
When deleteing and revoking a certificate X using certbot commands, the user's expectative is to turn-off the emails automatically. This expectative is coherent, must be respected (!)...
If there are a communication problem, it is a "certbot system" problem, therefore, a "bug of the system".
The message ignores the fact that Certificate X not exists for user context, not exist in the server of the Certificate X... So user not need e-mail alerts about it: this is like SPAM, was unsolicited.
Supposed non-related problems will lost impact, or can even be solved,
the certbot messages can add the URL after revoke or renew, or in renew contexts... See Certbot's issue #5099
See a lot of community.letsencrypt.org/ cases as 24583, 18734, ...
... need to list all? ...
Presently unsubscribing is an all or nothing action, and resubscribing is not easy. It would be useful if users could unsubscribe on a per-certificate basis.
This would be a significant architectural shift from what we do today, but perhaps one day!