Upcoming Features

Voir en Français

Ver en español



Auf Deutsch ansehen

Просмотреть на русском


한국어로 보기

Multi-Perspective Validation

Currently Let’s Encrypt validates from a single network perspective. We are planning to start validating from multiple network perspectives.

ECDSA Root and Intermediates

Currently Let’s Encrypt only signs end-entity certificates with RSA intermediates. Let’s Encrypt will generate an ECDSA root and intermediates which can be used to sign end-entity certificates.

Completed Features

Certificate Transparency Log

We are starting to operate a Certificate Transparency log.

TLS ALPN Challenge Support

We’ve specified and implemented a replacement for the TLS-SNI validation method, which was discontinued for security reasons. Introducing a replacement was important for subscribers who only want to use port 443 for validation.

Embed SCT receipts in certificates

Wildcard Certificates


IDN Support

Let’s Encrypt now supports issuance for Internationalized Domain Names (IDNs).

Full IPv6 Support

Initially, only parts of the Let’s Encrypt API infrastructure could communicate via IPv6. This prevented IPv6-only systems from being able to fully interact with Let’s Encrypt. This has been resolved - IPv6 support has been enabled for all functionality.

Windows XP Certificate Compatibility

Resolved an issue with our certificate chain that prevented Let’s Encrypt certificates from being accepted by browsers on Windows XP.

ECDSA Signing Support

Added the ability for Let’s Encrypt to sign ECDSA keys with Let’s Encrypt’s RSA intermediates. Support for signing ECDSA keys with a full ECDSA cert chain will be added later.

ACME DNS Challenge Support

Let’s Encrypt allows validation via DNS records as defined in the ACME specification.