I got a mail from some days ago:

Subject: [] Your Certificate is about to expire
Date: Sun, 13 Nov 2016 22:46:04 +0100 (CET)
X-Mailer: Website

Hi Christian,

You are receiving this email as you are the listed contact for:


Your certificate with the serial number 024EB8 is set to expire in approximately 1 days time. You can renew it by going to the following URL:

Best Regards
CAcert Support

I did not renew the certificate this time.


I've been using SSL certificates from since 2006. They are the only community-run Certification Authority and offered SSL certificates for free at a time nobody else could imagine that.

The big problem was that no browser trusted their root certificate by default, so you always had to manually install their root cert in each browser, on each operating system, on each mobile phone.

Debian once had them included, but removed support in 2014 until some audit/certification process would be completed - which it never was.

Let's Encrypt

Two years ago, appeared and not only gave out free SSL certificates, but also provided an API ("ACME") to renew them.

But the most significant feature they provided was browser trust - which they got by getting their own root certificate signed by an already trusted certificate authority.

Today is dead for me. Let's encrypt certificates work out of the box and are easier to update.

The first issue will most likely never be solved for, the second could be if their software would support the ACME SSL certificate renewal protocol. But neither their wiki nor their bug tracker have an ACME page/issue, so that probably won't happen.

Written by Christian Weiske.

Comments? Please send an e-mail.