ACMEv1 renewals EOL

Hello,
Regarding the announcement on ACMEv1 EOL, could you clarify the following paragraph?

Starting at the beginning of 2021 we will occasionally disable ACMEv1 issuance and renewal for periods of 24 hours, no more than once per month (OCSP service will not be affected). The intention is to induce client errors that might encourage subscribers to update to clients or configurations that use ACMEv2. Renewal failures should be limited since new domain validations will already be disabled and we recommend renewing certificates 30 days before they expire.

My understanding is that renewal of domains will continue to work until 2021, but I don't get why Renewal failures should be limited, it seems to imply that renewal might fail before that date?

Thanks for you help,
Emilien

I don't get this, instead. Shouldn't it gradually ramp up?

Not before but during those 24 hour periods when the ACMEv1 API endpoint is temporary disabled. That's how I read it.

Ok, maybe my initial question needs to be stated differently:

Will we be able to renew past June 2020?

Yes, as long as the domains on the certificate do not change (no adding or removing domains).

It will continue to work until June 2021.

From the start of 2021, renewals will occasionally fail (due to intentional brownouts of the ACME v1 API). But as long as your ACME client runs on a regular schedule (twice a day is standard), it shouldn't cause your certificate to expire or anything like that.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.