diff --git a/management/backup.py b/management/backup.py
index 2b0b79ae..6e85e3af 100755
--- a/management/backup.py
+++ b/management/backup.py
@@ -33,14 +33,14 @@ def backup_status(env):
 	def reldate(date, ref, clip):
 		if ref < date: return clip
 		rd = dateutil.relativedelta.relativedelta(ref, date)
-		if rd.years > 1: return "{:d} years, {:d} months".format(rd.years, rd.months)
-		if rd.years == 1: return "{:d} year, {:d} months".format(rd.years, rd.months)
-		if rd.months > 1: return "{:d} months, {:d} days".format(rd.months, rd.days)
-		if rd.months == 1: return "{:d} month, {:d} days".format(rd.months, rd.days)
-		if rd.days >= 7: return "{:d} days".format(rd.days)
-		if rd.days > 1: return "{:d} days, {:d} hours".format(rd.days, rd.hours)
-		if rd.days == 1: return "{:d} day, {:d} hours".format(rd.days, rd.hours)
-		return "{:d} hours, {:d} minutes".format(rd.hours, rd.minutes)
+		if rd.years > 1: return f"{rd.years:d} years, {rd.months:d} months"
+		if rd.years == 1: return f"{rd.years:d} year, {rd.months:d} months"
+		if rd.months > 1: return f"{rd.months:d} months, {rd.days:d} days"
+		if rd.months == 1: return f"{rd.months:d} month, {rd.days:d} days"
+		if rd.days >= 7: return f"{rd.days:d} days"
+		if rd.days > 1: return f"{rd.days:d} days, {rd.hours:d} hours"
+		if rd.days == 1: return f"{rd.days:d} day, {rd.hours:d} hours"
+		return f"{rd.hours:d} hours, {rd.minutes:d} minutes"
 
 	# Get duplicity collection status and parse for a list of backups.
 	def parse_line(line):
@@ -130,7 +130,7 @@ def backup_status(env):
 		# It still can't be deleted until it's old enough.
 		est_deleted_on = max(est_time_of_next_full, first_date + datetime.timedelta(days=config["min_age_in_days"]))
 
-		deleted_in = "approx. {:d} days".format(round((est_deleted_on-now).total_seconds()/60/60/24 + .5))
+		deleted_in = f"approx. {round((est_deleted_on-now).total_seconds()/60/60/24 + .5):d} days"
 
 	# When will a backup be deleted? Set the deleted_in field of each backup.
 	saw_full = False
diff --git a/management/dns_update.py b/management/dns_update.py
index d72fbe1c..5449c3ec 100755
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -459,11 +459,8 @@ def build_sshfp_records():
 		if not key.strip() or key[0] == "#": continue
 		try:
 			_host, keytype, pubkey = key.split(" ")
-			yield "{:d} {:d} ( {} )".format(
-				algorithm_number[keytype],
-				2, # specifies we are using SHA-256 on next line
-				hashlib.sha256(base64.b64decode(pubkey)).hexdigest().upper(),
-				)
+			yield f"{algorithm_number[keytype]:d} {2 # specifies we are using SHA-256 on next line
+				:d} ( {hashlib.sha256(base64.b64decode(pubkey)).hexdigest().upper()} )"
 		except:
 			# Lots of things can go wrong. Don't let it disturb the DNS
 			# zone.
diff --git a/management/mail_log.py b/management/mail_log.py
index a641ef7d..c15c444a 100755
--- a/management/mail_log.py
+++ b/management/mail_log.py
@@ -619,12 +619,12 @@ def print_time_table(labels, data, do_print=True):
     labels.insert(0, "hour")
     data.insert(0, [str(h) for h in range(24)])
 
-    temp = "│ {{:<{:d}}} ".format(max(len(l) for l in labels))
+    temp = f"│ {{:<{max(len(l) for l in labels):d}}} "
     lines = [temp.format(label) for label in labels]
 
     for h in range(24):
         max_len = max(len(str(d[h])) for d in data)
-        base = "{{:>{:d}}} ".format(max(2, max_len))
+        base = f"{{:>{max(2, max_len):d}}} "
 
         for i, d in enumerate(data):
             lines[i] += base.format(d[h])
@@ -753,7 +753,7 @@ def print_user_table(users, data=None, sub_data=None, activity=None, latest=None
     data_accum = [numstr(a) for a in data_accum]
     footer = str_temp.format("Totals:" if do_accum else " ")
     for row, (l, _) in enumerate(data):
-        temp = "{{:>{:d}}}".format(max(5, len(l) + 1))
+        temp = f"{{:>{max(5, len(l) + 1):d}}}"
         footer += temp.format(data_accum[row])
 
     try:
diff --git a/management/ssl_certificates.py b/management/ssl_certificates.py
index 27ecdc79..f95be4df 100755
--- a/management/ssl_certificates.py
+++ b/management/ssl_certificates.py
@@ -604,7 +604,7 @@ def check_certificate(domain, ssl_certificate, ssl_private_key, warn_if_expiring
 	ndays = (cert_expiration_date-now).days
 	if not rounded_time or ndays <= 10:
 		# Yikes better renew soon!
-		expiry_info = "The certificate expires in {:d} days on {}.".format(ndays, cert_expiration_date.date().isoformat())
+		expiry_info = f"The certificate expires in {ndays:d} days on {cert_expiration_date.date().isoformat()}."
 	else:
 		# We'll renew it with Lets Encrypt.
 		expiry_info = f"The certificate expires on {cert_expiration_date.date().isoformat()}."
diff --git a/management/status_checks.py b/management/status_checks.py
index e0cc7b07..6c736423 100755
--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -209,7 +209,7 @@ def check_software_updates(env, output):
 	elif len(pkgs) == 0:
 		output.print_ok("System software is up to date.")
 	else:
-		output.print_error("There are {:d} software packages that can be updated.".format(len(pkgs)))
+		output.print_error(f"There are {len(pkgs):d} software packages that can be updated.")
 		for p in pkgs:
 			output.print_line("{} ({})".format(p["package"], p["version"]))
 
@@ -223,7 +223,7 @@ def check_free_disk_space(rounded_values, env, output):
 	st = os.statvfs(env['STORAGE_ROOT'])
 	bytes_total = st.f_blocks * st.f_frsize
 	bytes_free = st.f_bavail * st.f_frsize
-	disk_msg = "The disk has {:.2f} GB space remaining.".format(bytes_free/1024.0/1024.0/1024.0)
+	disk_msg = f"The disk has {bytes_free/1024.0/1024.0/1024.0:.2f} GB space remaining."
 	if bytes_free > .3 * bytes_total:
 		if rounded_values: disk_msg = "The disk has more than 30% free space."
 		output.print_ok(disk_msg)
diff --git a/setup/migrate.py b/setup/migrate.py
index 7f2ec60d..daca785b 100755
--- a/setup/migrate.py
+++ b/setup/migrate.py
@@ -198,7 +198,7 @@ def get_current_migration():
 	ver = 0
 	while True:
 		next_ver = (ver + 1)
-		migration_func = globals().get("migration_{:d}".format(next_ver))
+		migration_func = globals().get(f"migration_{next_ver:d}")
 		if not migration_func:
 			return ver
 		ver = next_ver
@@ -230,14 +230,14 @@ def run_migrations():
 
 	while True:
 		next_ver = (ourver + 1)
-		migration_func = globals().get("migration_{:d}".format(next_ver))
+		migration_func = globals().get(f"migration_{next_ver:d}")
 
 		if not migration_func:
 			# No more migrations to run.
 			break
 
 		print()
-		print("Running migration to Mail-in-a-Box #{:d}...".format(next_ver))
+		print(f"Running migration to Mail-in-a-Box #{next_ver:d}...")
 
 		try:
 			migration_func(env)
diff --git a/tests/fail2ban.py b/tests/fail2ban.py
index 8f38cfa6..a00a4ca4 100644
--- a/tests/fail2ban.py
+++ b/tests/fail2ban.py
@@ -199,7 +199,7 @@ def run_test(testfunc, args, count, within_seconds, parallel):
 
 	# Did we make enough requests within the limit?
 	if (time.time()-start_time) > within_seconds:
-		raise Exception("Test failed to make {} requests in {:d} seconds.".format(count, within_seconds))
+		raise Exception(f"Test failed to make {count} requests in {within_seconds:d} seconds.")
 
 	# Wait a moment for the block to be put into place.
 	time.sleep(4)
diff --git a/tests/tls.py b/tests/tls.py
index 317ea611..368d1822 100644
--- a/tests/tls.py
+++ b/tests/tls.py
@@ -69,7 +69,7 @@ MOZILLA_CIPHERS_OLD = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
 
 def sslyze(opts, port, ok_ciphers):
 	# Print header.
-	header = ("PORT {:d}".format(port))
+	header = (f"PORT {port:d}")
 	print(header)
 	print("-" * (len(header)))
 
@@ -83,7 +83,7 @@ def sslyze(opts, port, ok_ciphers):
 	proxy_proc = None
 	if proxy:
 		connection_string = "localhost:10023"
-		proxy_proc = subprocess.Popen(["ssh", "-N", "-L10023:{}:{:d}".format(host, port), proxy])
+		proxy_proc = subprocess.Popen(["ssh", "-N", f"-L10023:{host}:{port:d}", proxy])
 		time.sleep(3)
 
 	try: