Let's Encrypt Ends Certificate Expiration Email Notifications

2025-06-30

Let's Encrypt has discontinued sending certificate expiration notification emails, effective June 4, 2025. This decision is driven by factors including widespread adoption of automated renewal by users, privacy concerns related to storing millions of email addresses, high maintenance costs, and increased system complexity. Let's Encrypt recommends using third-party services like Red Sift Certificates Lite for expiration notifications. Email addresses provided via the ACME API and associated with issuance data have been deleted, but mailing list subscriptions remain unaffected. Going forward, emails provided via the ACME API will be forwarded to the general ISRG mailing list system, decoupled from account data.


Let's Encrypt Battles Zombie Clients: A Resource Efficiency War

2025-06-04

Let's Encrypt is battling a horde of 'zombie clients' – abandoned or misconfigured servers repeatedly requesting certificates, wasting resources. Instead of punishment, Let's Encrypt implemented a clever pausing mechanism for account-hostname pairs. After exceeding a threshold of consecutive failed validations, requests are paused, with a self-service unpause option available. Results show a significant reduction in failed requests with minimal user impact, showcasing Let's Encrypt's balance between resource management and user experience.


Let's Encrypt Dropping TLS Client Authentication EKU

2025-05-18

Let's Encrypt will remove the "TLS Client Authentication" Extended Key Usage (EKU) from its certificates starting in 2026. This primarily affects clients using Let's Encrypt certificates for server authentication. A phased rollout using ACME profiles will minimize disruption. Most website users won't need to take action. The change is driven by Google Chrome's root program requirements and the increasing suitability of private CAs for client authentication.


Let's Encrypt to Offer 6-Day Certificates and IP Address Support in 2025

2025-01-16

Let's Encrypt announced plans to introduce two new certificate options in 2025: short-lived certificates with a six-day lifetime and support for IP addresses. Six-day certificates significantly enhance security by minimizing the window of vulnerability. IP address support enables secure TLS connections for IP-accessible services using publicly trusted certificates, eliminating the need for domain names. The rollout will be phased, with general availability expected by the end of 2025. Users will need an ACME client supporting certificate profiles to obtain the short-lived certificates.
