diff --git a/src/conf.c b/src/conf.c
index 8a2e0019a..d3c25cae8 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -6969,6 +6969,21 @@ int _test_link(ConfigFile *conf, ConfigEntry *ce)
 errors++;
 continue;
 }
+ if (config_checkval(cep->value, CFG_YESNO))
+ {
+ unreal_log(ULOG_WARNING, "config", "CONFIG_VERIFY_CERTIFICATE_DEPRECATED", NULL,
+ "$file:$line_number: link::verify-certificate should no longer be used because public "
+ "certificate authorities are dropping the 'Client Authentication EKU' from TLS certs, "
+ "see e.g. https://letsencrypt.org/2025/05/14/ending-tls-client-authentication.\n"
+ "We recommend using a 'dual certificate setup' as outlined in "
+ "https://www.unrealircd.org/docs/Using_Let's_Encrypt_with_UnrealIRCd which will give you: "
+ "1) A short-lived certificate from Let's Encrypt on port 6697 and "
+ "2) A long-lived self-signed certificate used for linking on serversonly port 6900.\n"
+ "And then simply use 'spkifp' for linking on port 6900 as outlined in "
+ "https://www.unrealircd.org/docs/Tutorial:_Linking_servers",
+ log_data_string("file", cep->file->filename),
+ log_data_integer("line_number", cep->line_number));
+ }
 }
 else if (!strcmp(cep->name, "options"))
 {
diff --git a/src/modules/server.c b/src/modules/server.c
index 3d61c174f..f40dd2b4e 100644
--- a/src/modules/server.c
+++ b/src/modules/server.c
@@ -1739,8 +1739,6 @@ void tls_link_notification_verify(Client *client, ConfigItem_link *aconf)
 {
 const char *spki_fp;
 const char *tls_fp;
- char *errstr = NULL;
- int verify_ok;
 if (!MyConnect(client) || !client->local->ssl || !aconf || IsLocalhost(client)) return;
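Review bot: The wiki URL in the new warning text, `https://www.unrealircd.org/docs/Using_Let's_Encrypt_with_UnrealIRCd`, contains a bare apostrophe, which many terminals and IRC clients treat as the end of the link when auto-linking, so operators who click the hint may land on a non-existent page; percent-encode it as `https://www.unrealircd.org/docs/Using_Let%27s_Encrypt_with_UnrealIRCd`. The other two URLs in the message have no such character and are fine as written. Minor wording: `serversonly port 6900` reads better as `servers-only port 6900`. The enclosing _test_link() body starts and ends outside the hunk.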
@@ -1767,43 +1765,15 @@ void tls_link_notification_verify(Client *client, ConfigItem_link *aconf)
 if (!tls_fp || !spki_fp) return; /* wtf ? */
- verify_ok = verify_certificate(client->local->ssl, aconf->servername, &errstr);
- if (errstr && strstr(errstr, "not valid for hostname"))
- {
- unreal_log(ULOG_WARNING, "link", "WARN_UNVERIFIED_LINK_CERTIFICATE", client,
- "This server link is not verified (and hence is suspectible to an active MITM attack). "
- "In future UnrealIRCd versions this will become a fatal error!\n"
- "More information about this can be found on https://www.unrealircd.org/Link_verification\n"
- "Unfortunately the certificate of server '$client' has a name mismatch:\n"
- "$tls_verify_error\n"
- "This isn't a fatal error but it will prevent you from using verify-certificate yes;",
- log_data_link_block(aconf),
- log_data_string("tls_verify_error", errstr));
- } else
- if (!verify_ok)
- {
- unreal_log(ULOG_WARNING, "link", "WARN_UNVERIFIED_LINK_CERTIFICATE", client,
- "This server link is not verified (and hence is suspectible to an active MITM attack). "
- "In future UnrealIRCd versions this will become a fatal error!\n"
- "More information about this can be found on https://www.unrealircd.org/Link_verification\n"
- "In short: in the configuration file, change the 'link $client {' block to use this as a password:\n"
- "password \"$spki_fingerprint\" { spkifp; };\n"
- "And follow the instructions on the other side of the link as well (which will be similar, but will use a different hash)",
- log_data_link_block(aconf),
- log_data_string("spki_fingerprint", spki_fp));
- } else
- {
- unreal_log(ULOG_WARNING, "link", "WARN_UNVERIFIED_LINK_CERTIFICATE", client,
- "This server link is not verified (and hence is suspectible to an active MITM attack). "
- "In future UnrealIRCd versions this will become a fatal error!\n"
- "More information about this can be found on https://www.unrealircd.org/Link_verification\n"
- "In short: in the configuration file, add the following to your 'link $client {' block:\n"
- "verify-certificate yes;\n"
- "Alternatively, you could use SPKI fingerprint verification. Then change the password in the link block to be:\n"
- "password \"$spki_fingerprint\" { spki_fp; };",
- log_data_link_block(aconf),
- log_data_string("spki_fingerprint", spki_fp));
- }
+ unreal_log(ULOG_WARNING, "link", "WARN_UNVERIFIED_LINK_CERTIFICATE", client,
+ "This server link is not verified (and hence is suspectible to an active MITM attack). "
+ "In future UnrealIRCd versions this will become a fatal error!\n"
+ "More information about this can be found on https://www.unrealircd.org/Link_verification\n"
+ "In short: in the configuration file, change the 'link $client {' block to use this as a password:\n"
+ "password \"$spki_fingerprint\" { spkifp; };\n"
+ "And follow the instructions on the other side of the link as well (which will be similar, but will use a different hash)",
+ log_data_link_block(aconf),
+ log_data_string("spki_fingerprint", spki_fp));
 }
 /** This will send "to" a full list of the modes for channel channel,
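Review bot: The rewritten warning on the new side still carries the typo `suspectible` in `"This server link is not verified (and hence is suspectible to an active MITM attack). "`; since this line is re-added by the commit anyway, change it to `susceptible` now rather than carrying it forward. With the verify_certificate() call removed, this function no longer surfaces a hostname mismatch (`$tls_verify_error`) to the operator; that is consistent with the conf.c deprecation of link::verify-certificate, but it appears to mean a wrong servername is now only discoverable through other logging, if any, which deserves a sentence in the commit description. tls_link_notification_verify() starts outside the hunk.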