by ThreeFx
2229 days ago
I completely agree on the breaking issues; it is a _lot_ of work to maintain a website these days. In 99% of the cases I'd also agree with you that there should be _no_ reason ever to break e.g. a library used or something. But the thing about certbot and TLS is that these things are security-relevant, and IMO security is one of the only (if not the only) reasons to break compatibility these days. TLS ciphers break, heck, even the TLS protocol itself may reveal flaws later (see POODLE, BEAST, FREAK, etc.). That's why SSLv2, SSLv3 and TLS1.0 are deprecated: not because there is a better protocol out there, but because the protocols are inherently insecure. (There is no huge flaw in TLS1.1 I am aware of; it uses MD5 and SHA1 under the hood for master secret derivation, but that's about the only thing.) I'm with you that maintenance is a big chunk of work, but that's IMO a price you pay for being in control. I've got a few services running myself, and honestly I forget about the boxes after setup and enabling auto-upgrades, so it isn't too breaking, at least for me.