Boulder: Make it possible to resubscribe to notification emails about domain cert. expiring

Created on 21 Jan 2016  路  13Comments  路  Source: letsencrypt/boulder

I would like to be able to resubscribe to emails. I thought that this sentence is true because I have already renewed all of my certs.

If you are receiving this email in error, unsubscribe at http://mandrillapp.com/...

I clicked on link and unsubscribed because I was thinking it will send me more emails about those same cases. But I would still like to recieve emails about expiring in future.

aretools kinenhancement

Most helpful comment

OK, that helps a little. It looks like even changing emails twice back to the original will not help, in that the email is in the rejection list and that's the main issue -- one cannot remove it from there apparently, unless it's done by hand (or I guess through the API for mandrillapp)?

It's kind of shocking that mandrillapp, which looks like it's one of the big guys out there for mail delivery (since it appears to be part of mailchimp), does not even ask for confirmation, which is common, or for a way to "edit your preferences" as many call it.

It looks like the API allows for deleting from the rejects. If you can point where this could be added, perhaps I can add it. Basically, any time an email is changed, the old one should be deleted and remove from the rejects, if it exists there.

All 13 comments

This is good feedback, thanks. For now, one workaround is to update your email address to, e.g. [email protected] (assuming your mail host treats the + specially and delivers to "yourname", as many do.

Unfortunatley, email update is not yet implemented in the official client, but if you are willing to do a little code editing, it's just a signed POST to your registration URL with a new contacts field. :-)

Does this require some knowledge of our mail providers API in Boulder? (i.e. posting to some endpoint to re-sub a user)

I think a better approach would be to implement our own unsubscribe layer.

This is really needed. I accidentally clicked to unsubscribe and I do not get emails any more. Maybe I will try to get a small client for registration only as @jsha suggested.

FYI Certbot now supports changing email address: https://letsencrypt.org/docs/expiration-emails/

OK, that helps a little. It looks like even changing emails twice back to the original will not help, in that the email is in the rejection list and that's the main issue -- one cannot remove it from there apparently, unless it's done by hand (or I guess through the API for mandrillapp)?

It's kind of shocking that mandrillapp, which looks like it's one of the big guys out there for mail delivery (since it appears to be part of mailchimp), does not even ask for confirmation, which is common, or for a way to "edit your preferences" as many call it.

It looks like the API allows for deleting from the rejects. If you can point where this could be added, perhaps I can add it. Basically, any time an email is changed, the old one should be deleted and remove from the rejects, if it exists there.

I'm getting an "Unexpected error",

$ sudo ./certbot-auto register --update-registration --email [email protected]
An unexpected error occurred:
UnexpectedUpdate: RegistrationResource(body=Registration(certificates=None, contact=('mailto:[email protected]',), authorizations=None, agreement=u'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x33bc210>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/XYZ', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf')
Please see the logfiles in /var/log/letsencrypt for more details.

But I have a feeling it's because this agreement in pdf is different than the agreement url (LE-SA-v1.1.1-August-1-2016.pdf) response coming back?

Yep, I believe that may be why. There's an open PR on Certbot for the UnexpectedUpdate issue.

issue #601 has a work-around (except there is a small typo to use "accounts", not "account" in /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/<hash>/regr.json), though that does not seem to work for me.

I get seemingly a response (actually TWO requests? according to the log!) with http code 202, which seems to mean it was accepted (but needs to be completed), folowed by UnexpectedUpdate

Update -- my bad .. the regr.json file has two instances of the link of the PDF, which I somehow overlooked. After that, it seem to have worked and my new email has been updated. Thanks for the links!

Can someone please explain the workaround for this? I found issue #601, but there wasn't any info there regarding the problem. Searching all pull requests for "UnexpectedUpdate" doesn't returning anything either.

I'm getting the same error:

UnexpectedUpdate: RegistrationResource(body=Registration(certificates=None, contact=('mailto:[email protected]',), authorizations=None, agreement=u'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x2d018d0>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/878208', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf')

See also #2475

I believe this is out of our hands due to the way our email provider works.

Was this page helpful?
0 / 5 - 0 ratings