by boricj 850 days ago
Neat!

Recently my Synology NAS failed to automatically renew its Let's Encrypt certificate for my domain name and the certificate expired on my blog. I caught it the next day when my GoAccess metrics cratered (took some time to figure out since I normally use the QuickConnect domain name myself, whose certificate was fine), but it could've stayed broken for a very long time otherwise without me noticing.

You got yourself a subscriber.

2 comments

Does Let's Encrypt not provide alerting when a cert hasn't been refreshed successfully?

https://letsencrypt.org/docs/expiration-emails/

I did get an email, but it was triaged under the update category inside Gmail and thus buried under a metric ton of other updates (the account is over 14 years old and it has accumulated a lot of crap over the years).

That's totally on me for missing it. On the other hand I only follow a couple of RSS feeds, so it's a notification channel with a far higher signal-to-noise ratio for me.

They do and it has saved me a couple of times.

Even though the renewal app runs as a cron job weekly, it occasionally breaks due to OS updates or some other issue, so the email from Let's Encrypt that warns me at least a week or before the expiration has been fantastic.

QuickConnect has had serious security issues in the past, and I recommend very strongly against enabling or using it.
I've disabled it just now. I was basically only using it as an alias anyways.

I did take some very basic precautions otherwise (its firewall is configured to drop all non-local packets but for TCP ports 80 and 443), but at some point I'll have to host my blog properly instead of piggy-backing on a dinky, always-on NAS...