For announcements of upcoming changes, please see the API Announcements category on the Let’s Encrypt community forum.
We are issuing certificates from our production ECDSA intermediates to ECDSA leaf certificates. See the Chains of Trust documentation for full details on our PKI hierarchy.
We now run ARI, a system that allows us to notify subscribers via API when they need to renew.
We now validate domain control from multiple network perspectives.
We now operate a Certificate Transparency log.
We’ve specified and implemented a replacement for the TLS-SNI validation method, which was discontinued for security reasons. Introducing a replacement was important for subscribers who only want to use port 443 for validation.