Hacker News new | past | comments | ask | show | jobs | submit login

> Ongoing maintenance is approximately nothing.

But don't forget to periodically check the TLS certificate of your SMTP server. Administrators often forget to renew the certificates, and automated renewal processes may also break.

I've seen countless examples of SMTP servers with expired certs. The problem is that you won't notice it, as SMTP will fall back to plain-text communication if the certificate is invalid. So the server will still work with an expired cert.

But if you want to do it right, or if you want to adopt MTA-STS, you usually need to do a bit of regular maintenance on the TLS part.

We've also had some of our users report that an expired cert was hurting their domain reputation for spam algorithms. We have not been able to verify that, but it sounds plausible.




Let's Encrypt makes this easy to automate and get notified of any problems on renewal.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: