diff --git a/docs/administration.rst b/docs/administration.rst
index ae393ac0..1415e598 100644
--- a/docs/administration.rst
+++ b/docs/administration.rst
@@ -286,7 +286,7 @@ Supported types:
* CA certificate expiration
* Pending ACME certificate failure
-* Certificate rotation (currently disabled in code)
+* Certificate rotation
**Default notifications**
@@ -352,6 +352,12 @@ Whenever a pending ACME certificate fails to be issued, Lemur will send a notifi
and security team (as specified by the ``LEMUR_SECURITY_TEAM_EMAIL`` configuration parameter). This email is not sent if
the pending certificate had notifications disabled.
+**Certificate rotation**
+
+Whenever a cert is rotated, Lemur will send a notification via email to the certificate owner. This notification is
+disabled by default; to enable it, you must set the option ``--notify`` (when using cron) or the configuration parameter
+``ENABLE_ROTATION_NOTIFICATION`` (when using celery).
+
**Email notifications**
Templates for emails are located under `lemur/plugins/lemur_email/templates` and can be modified for your needs.
diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index 3d3e2ca0..f205da3f 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -864,3 +864,13 @@ def cleanup_after_revoke(certificate):
database.update(certificate)
return error_message
+
+
+def get_issued_cert_count_for_authority(authority):
+ """
+ Returns the count of certs issued by the specified authority.
+
+ :return:
+ """
+ query = database.session_query(Certificate.id).filter(Authority.id == authority.id)
+ return database.get_count(query)
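Review bot: The filter on the line above compares `Authority.id` without joining `Authority` to `Certificate`, so the query selects `Certificate.id` from a cross product of the two tables restricted to one authority row and the count comes back as every certificate in the database rather than those issued by this authority. The intended predicate is the certificate's own foreign key, i.e. `query = database.session_query(Certificate.id).filter(Certificate.authority_id == authority.id)`, assuming the Certificate model names that column `authority_id` as elsewhere in Lemur; if `Authority` is not already imported in this module the current line also fails with a NameError at call time. Because this number is rendered in the expiration e-mail, an inflated count actively misleads the CA owner about the blast radius of the expiring CA. The docstring should also describe the parameter and return, e.g. `:param authority: Authority whose issued certificates are counted` and `:return: int number of certificates with this authority as issuer`.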
diff --git a/lemur/common/celery.py b/lemur/common/celery.py
index f428927e..9dc4bd0a 100644
--- a/lemur/common/celery.py
+++ b/lemur/common/celery.py
@@ -656,11 +656,12 @@ def certificate_rotate(**kwargs):
current_app.logger.debug(log_data)
try:
+ notify = current_app.config.get("ENABLE_ROTATION_NOTIFICATION", None)
if region:
log_data["region"] = region
- cli_certificate.rotate_region(None, None, None, None, True, region)
+ cli_certificate.rotate_region(None, None, None, notify, True, region)
else:
- cli_certificate.rotate(None, None, None, None, True)
+ cli_certificate.rotate(None, None, None, notify, True)
except SoftTimeLimitExceeded:
log_data["message"] = "Certificate rotate: Time limit exceeded."
current_app.logger.error(log_data)
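Review bot: The `notify` value read from `ENABLE_ROTATION_NOTIFICATION` is handed to `rotate`/`rotate_region` unconverted, so any non-empty string such as `"false"` coming from an environment-derived config would enable owner e-mails even though the docs say the feature is off by default. Reading it as a boolean with an explicit default, `notify = bool(current_app.config.get("ENABLE_ROTATION_NOTIFICATION", False))`, makes the documented default visible in code and avoids a truthy-string surprise. It would also help incident review to record the effective flag, e.g. `log_data["notify"] = notify`, before the rotate call. The enclosing `certificate_rotate` function begins above this hunk.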
diff --git a/lemur/notifications/messaging.py b/lemur/notifications/messaging.py
index 5aa6b3ee..75d829b1 100644
--- a/lemur/notifications/messaging.py
+++ b/lemur/notifications/messaging.py
@@ -19,9 +19,10 @@ from sqlalchemy import and_
from sqlalchemy.sql.expression import false, true
from lemur import database
+from lemur.certificates import service as certificates_service
from lemur.certificates.models import Certificate
from lemur.certificates.schemas import certificate_notification_output_schema
-from lemur.common.utils import windowed_query
+from lemur.common.utils import windowed_query, is_selfsigned
from lemur.constants import FAILURE_METRIC_STATUS, SUCCESS_METRIC_STATUS
from lemur.extensions import metrics, sentry
from lemur.pending_certificates.schemas import pending_certificate_output_schema
@@ -241,6 +242,8 @@ def send_authority_expiration_notifications():
cert_data = certificate_notification_output_schema.dump(
certificate
).data
+ cert_data['self_signed'] = is_selfsigned(certificate.parsed_cert)
+ cert_data['issued_cert_count'] = certificates_service.get_issued_cert_count_for_authority(certificate.root_authority)
notification_data.append(cert_data)
email_recipients = security_email + [owner]
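Review bot: The added `issued_cert_count` line passes `certificate.root_authority` straight into `get_issued_cert_count_for_authority`, which dereferences `authority.id`; if a CA certificate's `root_authority` relationship can be unset (the model is not in this diff) that raises AttributeError inside the loop and aborts the whole expiration pass for this owner, including certificates that were fine. A guard such as `root = certificate.root_authority` followed by `cert_data['issued_cert_count'] = certificates_service.get_issued_cert_count_for_authority(root) if root else 0` keeps one bad row from suppressing every notification. Note also that this runs one COUNT query and one `parsed_cert` parse per certificate, which is presumably acceptable for CA-cert volumes but worth a comment like `# one query per CA cert; fine at CA scale`. For a subordinate CA the count shown is for the root authority rather than the subordinate itself, which may not be what the template's "issued certificates" label suggests; confirm that is the intended semantics. The enclosing `send_authority_expiration_notifications` starts before this hunk.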
diff --git a/lemur/plugins/lemur_email/templates/authority_expiration.html b/lemur/plugins/lemur_email/templates/authority_expiration.html
index 984a7483..7c343417 100644
--- a/lemur/plugins/lemur_email/templates/authority_expiration.html
+++ b/lemur/plugins/lemur_email/templates/authority_expiration.html
@@ -91,7 +91,12 @@
{{ certificate.name }}
- {{ certificate.endpoints | length }} Endpoints
+ {% if certificate.self_signed %}
+ Root
+ {% else %}
+ Subordinate
+ {% endif %} CA
+
{{ certificate.issued_cert_count }} issued certificates
{{ certificate.owner }}
{{ certificate.validityEnd | time }}
Details