ACME v1 End of Life concern

regarding this passage in the notice (End of Life Plan for ACMEv1)

Starting at the beginning of 2021 we will occasionally disable ACMEv1 issuance and renewal for periods of 24 hours, no more than once per month (OCSP service will not be affected). The intention is to induce client errors that might encourage subscribers to update to clients or configurations that use ACMEv2. Renewal failures should be limited since new domain validations will already be disabled and we recommend renewing certificates 30 days before they expire.

Please consider doing these blackouts weekly and on rotating days with a published schedule. Python's PyPi recently used a similar policy alongside a TLS protocol deprecation, and many people missed the initial warnings because the original blackout periods were too scheduled and didn't coincide with cron-jobs or work patterns. (Heck, you could even have it reject 1/10 of responses on a randomizer). The error messages from a once-monthly blackout are just going to get lost.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.