For announcements of upcoming changes, please subscribe to the Technical Updates mailing list or see the API Announcements category on the Let’s Encrypt community forum.
On June 4, 2025, we intend to turn off our expiration email notification service, and delete all email addresses associated with ACME accounts from our production database.
Around the end of 2025, we intend to allow any client which supports ACME Profiles (see below) to request a “shortlived” certificate. These certificates are valid for such a short time that they do not need to have revocation information (such as OCSP, see below) embedded in them at all.
Around the end of 2025, we intend to allow any client which requests a shortlived certificate (see above) to also request that the certificate contain IP Addresses in its Subject Alternative Names. These addresses will be validated in much the same way as DNS Names are today.
On Feb 11, 2026, we intend to remove the “TLS Client Authentication” Extended Key Usage (EKU) from our default certificate profile. Prior to that date, we will offer an alternative profile which will still contain that EKU. Note that this will be a temporary stop-gap for clients that need more time to migrate away from needing it: the alternative profile will go away on May 13, 2026.
Enabled: May 7, 2025.
Our certificates no longer contain an Authority Information Access (AIA) Online Certificate Status Protocol (OCSP) URL. Instead, they contain a Certificate Revocation List (CRL) Distribution Point (CRLDP) URL. Relying parties can retrieve revocation status information via CRLs, and ACME clients can obtain renewal hints via ARI (see below).
Enabled: January 9, 2025.
Clients which support the draft ACME Profiles extension can now request that their certificate conform to one of our supported profiles.
Enabled: March 14, 2024.
We now operate Certificate Transparency (CT) logs which conform to the new Static CT API Spec, running the Sunlight software. Now that various CT log programs have updated their policies to accept this new kind of log, we intend to submit our logs for inclusion in those programs soon.
Enabled: March 23, 2023.
We now provide suggested renewal windows for all issued certificates, which clients can query using the ACME ARI extension.
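
How a client can act on the suggested renewal windows described above, as an added example that is not Let's Encrypt's or any ACME client's own code: it builds the ARI certificate identifier from the certificate's Authority Key Identifier and serial number, then picks a random renewal time inside the `suggestedWindow` of a renewalInfo response. The sample key identifier, serial and response are constructed, and the function names are hypothetical.

```python
import base64
import json
import random
from datetime import datetime, timezone

def b64url(data: bytes) -> str:
    """base64url without padding, as ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def der_integer_bytes(serial: int) -> bytes:
    """DER INTEGER content bytes: big-endian, 0x00-prefixed if the top bit is set."""
    return serial.to_bytes(serial.bit_length() // 8 + 1, "big")

def ari_cert_id(aki_key_id: bytes, serial: int) -> str:
    """ARI certificate identifier: b64url(AKI keyIdentifier) '.' b64url(serial)."""
    return f"{b64url(aki_key_id)}.{b64url(der_integer_bytes(serial))}"

def parse_time(ts: str) -> datetime:
    # Older Python versions do not accept a trailing "Z" in fromisoformat().
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def pick_renewal_time(renewal_info: dict, rng=random) -> datetime:
    """Uniformly random instant inside suggestedWindow, to spread load on the CA."""
    window = renewal_info["suggestedWindow"]
    start, end = parse_time(window["start"]), parse_time(window["end"])
    if end <= start:
        raise ValueError("suggestedWindow end must be after start")
    return start + (end - start) * rng.random()

def should_renew_now(renewal_info: dict, now: datetime, rng=random) -> bool:
    """Renew immediately when the selected instant is already in the past."""
    return pick_renewal_time(renewal_info, rng) <= now

# Constructed sample values, not taken from a real certificate or server.
SAMPLE_AKI = bytes.fromhex("69885b6b87464041e1b37b847ba0ae2cde01c8d4")
SAMPLE_SERIAL = 0x87654321
SAMPLE_RENEWAL_INFO = json.loads(
    '{"suggestedWindow": {"start": "2025-01-02T04:00:00Z",'
    ' "end": "2025-01-03T04:00:00Z"}}'
)

if __name__ == "__main__":
    cert_id = ari_cert_id(SAMPLE_AKI, SAMPLE_SERIAL)
    # The identifier is appended as a path segment to the directory's renewalInfo URL.
    print("certID:", cert_id)
    now = datetime.now(timezone.utc)
    print("renew now?", should_renew_now(SAMPLE_RENEWAL_INFO, now))
```

A window that lies entirely in the past, which a CA can publish to prompt early replacement, makes `should_renew_now` return true on the next check.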