diff --git a/management/daemon.py b/management/daemon.py
index 1d4cc2cd..0c7531e6 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -754,7 +754,7 @@ def log_failed_login(request):
 
 	# We need to add a timestamp to the log message, otherwise /dev/log will eat the "duplicate"
 	# message.
-	app.logger.warning( "Mail-in-a-Box Management Daemon: Failed login attempt from ip {} - timestamp {}".format(ip, time.time()))
+	app.logger.warning( f"Mail-in-a-Box Management Daemon: Failed login attempt from ip {ip} - timestamp {time.time()}")
 
 
 # APP
diff --git a/management/dns_update.py b/management/dns_update.py
index 43f801d3..a4caf3b0 100755
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -615,11 +615,11 @@ def write_nsd_conf(zonefiles, additional_records, env):
 
 	# Append the zones.
 	for domain, zonefile in zonefiles:
-		nsdconf += """
+		nsdconf += f"""
 zone:
-	name: {}
-	zonefile: {}
-""".format(domain, zonefile)
+	name: {domain}
+	zonefile: {zonefile}
+"""
 
 		# If custom secondary nameservers have been set, allow zone transfers
 		# and, if not a subnet, notifies to them.
diff --git a/management/mail_log.py b/management/mail_log.py
index 0e1b6c5f..0e440422 100755
--- a/management/mail_log.py
+++ b/management/mail_log.py
@@ -302,7 +302,7 @@ def scan_mail_log(env):
                 for date, sender, message in user_data["blocked"]:
                     if len(sender) > 64:
                         sender = sender[:32] + "…" + sender[-32:]
-                    user_rejects.extend(('{} - {} '.format(date, sender), '  %s' % message))
+                    user_rejects.extend((f'{date} - {sender} ', '  %s' % message))
                 rejects.append(user_rejects)
 
         print_user_table(
diff --git a/management/mailconfig.py b/management/mailconfig.py
index 9eb40849..39ca1b6e 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -588,7 +588,7 @@ def kick(env, mail_result=None):
 			and forwards_to == get_system_administrator(env) \
 			and not auto:
 			remove_mail_alias(address, env, do_kick=False)
-			results.append("removed alias {} (was to {}; domain no longer used for email)\n".format(address, forwards_to))
+			results.append(f"removed alias {address} (was to {forwards_to}; domain no longer used for email)\n")
 
 	# Update DNS and nginx in case any domains are added/removed.
 
diff --git a/management/ssl_certificates.py b/management/ssl_certificates.py
index 3c1df5aa..9d866e6b 100755
--- a/management/ssl_certificates.py
+++ b/management/ssl_certificates.py
@@ -211,7 +211,7 @@ def get_certificates_to_provision(env, limit_domains=None, show_valid_certs=True
 				if not value: continue # IPv6 is not configured
 				response = query_dns(domain, rtype)
 				if response != normalize_ip(value):
-					bad_dns.append("{} ({})".format(response, rtype))
+					bad_dns.append(f"{response} ({rtype})")
 
 			if bad_dns:
 				domains_cant_provision[domain] = "The domain name does not resolve to this machine: " \
@@ -413,7 +413,7 @@ def create_csr(domain, ssl_key, country_code, env):
 				"openssl", "req", "-new",
 				"-key", ssl_key,
 				"-sha256",
-				"-subj", "/C={}/CN={}".format(country_code, domain)])
+				"-subj", f"/C={country_code}/CN={domain}"])
 
 def install_cert(domain, ssl_cert, ssl_chain, env, raw=False):
 	# Write the combined cert+chain to a temporary path and validate that it is OK.
@@ -537,7 +537,7 @@ def check_certificate(domain, ssl_certificate, ssl_private_key, warn_if_expiring
 			with open(ssl_private_key, 'rb') as f:
 				priv_key = load_pem(f.read())
 		except ValueError as e:
-			return ("The private key file {} is not a private key file: {}".format(ssl_private_key, str(e)), None)
+			return (f"The private key file {ssl_private_key} is not a private key file: {str(e)}", None)
 
 		if not isinstance(priv_key, RSAPrivateKey):
 			return ("The private key file %s is not a private key file." % ssl_private_key, None)
@@ -565,7 +565,7 @@ def check_certificate(domain, ssl_certificate, ssl_private_key, warn_if_expiring
 	import datetime
 	now = datetime.datetime.utcnow()
 	if not(cert.not_valid_before <= now <= cert.not_valid_after):
-		return ("The certificate has expired or is not yet valid. It is valid from {} to {}.".format(cert.not_valid_before, cert.not_valid_after), None)
+		return (f"The certificate has expired or is not yet valid. It is valid from {cert.not_valid_before} to {cert.not_valid_after}.", None)
 
 	# Next validate that the certificate is valid. This checks whether the certificate
 	# is self-signed, that the chain of trust makes sense, that it is signed by a CA
diff --git a/management/status_checks.py b/management/status_checks.py
index 044a1187..a753cb59 100755
--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -464,11 +464,11 @@ def check_primary_hostname_dns(domain, env, output, dns_domains, dns_zonefiles):
 	if existing_rdns_v4 == domain and existing_rdns_v6 in {None, domain}:
 		output.print_ok("Reverse DNS is set correctly at ISP. [{} ↦ {}]".format(my_ips, env['PRIMARY_HOSTNAME']))
 	elif existing_rdns_v4 == existing_rdns_v6 or existing_rdns_v6 is None:
-		output.print_error("""Your box's reverse DNS is currently {}, but it should be {}. Your ISP or cloud provider will have instructions
-			on setting up reverse DNS for your box.""".format(existing_rdns_v4, domain) )
+		output.print_error(f"""Your box's reverse DNS is currently {existing_rdns_v4}, but it should be {domain}. Your ISP or cloud provider will have instructions
+			on setting up reverse DNS for your box.""" )
 	else:
-		output.print_error("""Your box's reverse DNS is currently {} (IPv4) and {} (IPv6), but it should be {}. Your ISP or cloud provider will have instructions
-			on setting up reverse DNS for your box.""".format(existing_rdns_v4, existing_rdns_v6, domain) )
+		output.print_error(f"""Your box's reverse DNS is currently {existing_rdns_v4} (IPv4) and {existing_rdns_v6} (IPv6), but it should be {domain}. Your ISP or cloud provider will have instructions
+			on setting up reverse DNS for your box.""" )
 
 	# Check the TLSA record.
 	tlsa_qname = "_25._tcp." + domain
@@ -482,8 +482,8 @@ def check_primary_hostname_dns(domain, env, output, dns_domains, dns_zonefiles):
 			# since TLSA shouldn't be used without DNSSEC.
 			output.print_warning("""The DANE TLSA record for incoming mail is not set. This is optional.""")
 	else:
-		output.print_error("""The DANE TLSA record for incoming mail ({}) is not correct. It is '{}' but it should be '{}'.
-			It may take several hours for public DNS to update after a change.""".format(tlsa_qname, tlsa25, tlsa25_expected))
+		output.print_error(f"""The DANE TLSA record for incoming mail ({tlsa_qname}) is not correct. It is '{tlsa25}' but it should be '{tlsa25_expected}'.
+			It may take several hours for public DNS to update after a change.""")
 
 	# Check that the hostmaster@ email address exists.
 	check_alias_exists("Hostmaster contact address", "hostmaster@" + domain, env, output)
@@ -492,7 +492,7 @@ def check_alias_exists(alias_name, alias, env, output):
 	mail_aliases = {address: receivers for address, receivers, *_ in get_mail_aliases(env)}
 	if alias in mail_aliases:
 		if mail_aliases[alias]:
-			output.print_ok("{} exists as a mail alias. [{} ↦ {}]".format(alias_name, alias, mail_aliases[alias]))
+			output.print_ok(f"{alias_name} exists as a mail alias. [{alias} ↦ {mail_aliases[alias]}]")
 		else:
 			output.print_error("""You must set the destination of the mail alias for %s to direct email to you or another administrator.""" % alias)
 	else:
@@ -527,12 +527,12 @@ def check_dns_zone(domain, env, output, dns_zonefiles):
 		output.print_ok("Nameservers are set correctly at registrar. [%s]" % correct_ns)
 	elif ip == correct_ip:
 		# The domain resolves correctly, so maybe the user is using External DNS.
-		output.print_warning("""The nameservers set on this domain at your domain name registrar should be {}. They are currently {}.
-			If you are using External DNS, this may be OK.""".format(correct_ns, existing_ns) )
+		output.print_warning(f"""The nameservers set on this domain at your domain name registrar should be {correct_ns}. They are currently {existing_ns}.
+			If you are using External DNS, this may be OK.""" )
 		probably_external_dns = True
 	else:
-		output.print_error("""The nameservers set on this domain are incorrect. They are currently {}. Use your domain name registrar's
-			control panel to set the nameservers to {}.""".format(existing_ns, correct_ns) )
+		output.print_error(f"""The nameservers set on this domain are incorrect. They are currently {existing_ns}. Use your domain name registrar's
+			control panel to set the nameservers to {correct_ns}.""" )
 
 	# Check that each custom secondary nameserver resolves the IP address.
 
@@ -553,7 +553,7 @@ def check_dns_zone(domain, env, output, dns_zonefiles):
 			elif ip is None:
 				output.print_error("Secondary nameserver %s is not configured to resolve this domain." % ns)
 			else:
-				output.print_error("Secondary nameserver {} is not configured correctly. (It resolved this domain as {}. It should be {}.)".format(ns, ip, correct_ip))
+				output.print_error(f"Secondary nameserver {ns} is not configured correctly. (It resolved this domain as {ip}. It should be {correct_ip}.)")
 
 def check_dns_zone_suggestions(domain, env, output, dns_zonefiles, domains_with_a_records):
 	# Warn if a custom DNS record is preventing this or the automatic www redirect from
@@ -693,7 +693,7 @@ def check_mail_domain(domain, env, output):
 		# the primary hostname's A record (the MX fallback) is... itself,
 		# which is what we want the MX to be.
 		if domain == env['PRIMARY_HOSTNAME']:
-			output.print_ok("Domain's email is directed to this domain. [{} has no MX record, which is ok]".format(domain))
+			output.print_ok(f"Domain's email is directed to this domain. [{domain} has no MX record, which is ok]")
 
 		# And a missing MX record is okay on other domains if the A record
 		# matches the A record of the PRIMARY_HOSTNAME. Actually this will
@@ -702,16 +702,16 @@ def check_mail_domain(domain, env, output):
 			domain_a = query_dns(domain, "A", nxdomain=None)
 			primary_a = query_dns(env['PRIMARY_HOSTNAME'], "A", nxdomain=None)
 			if domain_a is not None and domain_a == primary_a:
-				output.print_ok("Domain's email is directed to this domain. [{} has no MX record but its A record is OK]".format(domain))
+				output.print_ok(f"Domain's email is directed to this domain. [{domain} has no MX record but its A record is OK]")
 			else:
-				output.print_error("""This domain's DNS MX record is not set. It should be '{}'. Mail will not
+				output.print_error(f"""This domain's DNS MX record is not set. It should be '{recommended_mx}'. Mail will not
 					be delivered to this box. It may take several hours for public DNS to update after a
-					change. This problem may result from other issues listed here.""".format(recommended_mx))
+					change. This problem may result from other issues listed here.""")
 
 	elif mxhost == env['PRIMARY_HOSTNAME']:
-		good_news = "Domain's email is directed to this domain. [{} ↦ {}]".format(domain, mx)
+		good_news = f"Domain's email is directed to this domain. [{domain} ↦ {mx}]"
 		if mx != recommended_mx:
-			good_news += "  This configuration is non-standard.  The recommended configuration is '{}'.".format(recommended_mx)
+			good_news += f"  This configuration is non-standard.  The recommended configuration is '{recommended_mx}'."
 		output.print_ok(good_news)
 
 		# Check MTA-STS policy.
@@ -727,9 +727,9 @@ def check_mail_domain(domain, env, output):
 			output.print_error(f"MTA-STS policy is missing: {valid}")
 
 	else:
-		output.print_error("""This domain's DNS MX record is incorrect. It is currently set to '{}' but should be '{}'. Mail will not
+		output.print_error(f"""This domain's DNS MX record is incorrect. It is currently set to '{mx}' but should be '{recommended_mx}'. Mail will not
 			be delivered to this box. It may take several hours for public DNS to update after a change. This problem may result from
-			other issues listed here.""".format(mx, recommended_mx))
+			other issues listed here.""")
 
 	# Check that the postmaster@ email address exists. Not required if the domain has a
 	# catch-all address or domain alias.
@@ -747,9 +747,9 @@ def check_mail_domain(domain, env, output):
 	elif dbl == "[Not Set]":
 		output.print_warning(f"Could not connect to dbl.spamhaus.org. We could not determine whether the domain {domain} is blacklisted. Please try again later.")
 	else:
-		output.print_error("""This domain is listed in the Spamhaus Domain Block List (code {}),
+		output.print_error(f"""This domain is listed in the Spamhaus Domain Block List (code {dbl}),
 			which may prevent recipients from receiving your mail.
-			See http://www.spamhaus.org/dbl/ and http://www.spamhaus.org/query/domain/{}.""".format(dbl, domain))
+			See http://www.spamhaus.org/dbl/ and http://www.spamhaus.org/query/domain/{domain}.""")
 
 def check_web_domain(domain, rounded_time, ssl_certificates, env, output):
 	# See if the domain's A record resolves to our PUBLIC_IP. This is already checked
@@ -763,9 +763,9 @@ def check_web_domain(domain, rounded_time, ssl_certificates, env, output):
 			if value == normalize_ip(expected):
 				ok_values.append(value)
 			else:
-				output.print_error("""This domain should resolve to your box's IP address ({} {}) if you would like the box to serve
-					webmail or a website on this domain. The domain currently resolves to {} in public DNS. It may take several hours for
-					public DNS to update after a change. This problem may result from other issues listed here.""".format(rtype, expected, value))
+				output.print_error(f"""This domain should resolve to your box's IP address ({rtype} {expected}) if you would like the box to serve
+					webmail or a website on this domain. The domain currently resolves to {value} in public DNS. It may take several hours for
+					public DNS to update after a change. This problem may result from other issues listed here.""")
 				return
 
 		# If both A and AAAA are correct...
@@ -937,7 +937,7 @@ def check_miab_version(env, output):
 		elif latest_ver is None:
 			output.print_error("Latest Mail-in-a-Box version could not be determined. You are running version %s." % this_ver)
 		else:
-			output.print_error("A new version of Mail-in-a-Box is available. You are running version {}. The latest version is {}. For upgrade instructions, see https://mailinabox.email. ".format(this_ver, latest_ver))
+			output.print_error(f"A new version of Mail-in-a-Box is available. You are running version {this_ver}. The latest version is {latest_ver}. For upgrade instructions, see https://mailinabox.email. ")
 
 def run_and_output_changes(env, pool):
 	import json
diff --git a/management/utils.py b/management/utils.py
index 178a03bc..54b5bb86 100644
--- a/management/utils.py
+++ b/management/utils.py
@@ -22,7 +22,7 @@ def load_env_vars_from_file(fn):
 def save_environment(env):
     with open("/etc/mailinabox.conf", "w") as f:
         for k, v in env.items():
-            f.write("{}={}\n".format(k, v))
+            f.write(f"{k}={v}\n")
 
 # THE SETTINGS FILE AT STORAGE_ROOT/settings.yaml.
 
diff --git a/management/web_update.py b/management/web_update.py
index 0a652b22..0aeae2ec 100644
--- a/management/web_update.py
+++ b/management/web_update.py
@@ -195,7 +195,7 @@ def make_domain_config(domain, templates, ssl_certificates, env):
 				nginx_conf_extra += "\n\t\talias %s;" % alias
 				nginx_conf_extra += "\n\t}\n"
 			for path, url in yaml.get("redirects", {}).items():
-				nginx_conf_extra += "\trewrite {} {} permanent;\n".format(path, url)
+				nginx_conf_extra += f"\trewrite {path} {url} permanent;\n"
 
 			# override the HSTS directive type
 			hsts = yaml.get("hsts", hsts)
diff --git a/setup/migrate.py b/setup/migrate.py
index bf5685ff..4b7591ba 100755
--- a/setup/migrate.py
+++ b/setup/migrate.py
@@ -222,7 +222,7 @@ def run_migrations():
 
 	if migration_id is None:
 		print()
-		print("{} file doesn't exists. Skipping migration...".format(migration_id_file))
+		print(f"{migration_id_file} file doesn't exists. Skipping migration...")
 		return
 
 	ourver = int(migration_id)
diff --git a/tests/fail2ban.py b/tests/fail2ban.py
index cf5bec88..2f2ac352 100644
--- a/tests/fail2ban.py
+++ b/tests/fail2ban.py
@@ -152,7 +152,7 @@ def restart_fail2ban_service(final=False):
 	if not final:
 		# Stop recidive jails during testing.
 		command += " && sudo fail2ban-client stop recidive"
-	os.system('{} "{}"'.format(ssh_command, command))
+	os.system(f'{ssh_command} "{command}"')
 
 def testfunc_runner(i, testfunc, *args):
 	print(i+1, end=" ", flush=True)
diff --git a/tests/test_dns.py b/tests/test_dns.py
index eac0ce1b..53fdb545 100755
--- a/tests/test_dns.py
+++ b/tests/test_dns.py
@@ -98,7 +98,7 @@ else:
 		# And if that's OK, also check reverse DNS (the PTR record).
 		if not test_ptr("8.8.8.8", "Google Public DNS (Reverse DNS)"):
 			print ()
-			print ("The reverse DNS for {} is not correct. Consult your ISP for how to set the reverse DNS (also called the PTR record) for {} to {}.".format(hostname, hostname, ipaddr))
+			print (f"The reverse DNS for {hostname} is not correct. Consult your ISP for how to set the reverse DNS (also called the PTR record) for {hostname} to {ipaddr}.")
 			sys.exit(1)
 		else:
 			print ("And the reverse DNS for the domain is correct.")
diff --git a/tests/test_smtp_server.py b/tests/test_smtp_server.py
index ca7e15ed..246f4ecc 100755
--- a/tests/test_smtp_server.py
+++ b/tests/test_smtp_server.py
@@ -6,11 +6,11 @@ if len(sys.argv) < 3:
         sys.exit(1)
 
 host, toaddr, fromaddr = sys.argv[1:4]
-msg = """From: {}
-To: {}
+msg = f"""From: {fromaddr}
+To: {toaddr}
 Subject: SMTP server test
 
-This is a test message.""".format(fromaddr, toaddr)
+This is a test message."""
 
 server = smtplib.SMTP(host, 25)
 server.set_debuglevel(1)