ACMEv2 and Wildcard Launch Delay

josh 2018-02-20 18:50:34 UTC #1

We previously communicated that we would launch ACMEv2 and wildcard certificate support on February 27th. ACMEv2 and wildcard support is nearly ready but we will be delaying the full launch in order to give our teams more time to complete testing and quality assurance activities. While we work hard to hit deadlines, we are inclined to prioritize a quality release over hitting a deadline.

The biggest reason for this delay is the recent TLS-SNI deprecation. This unexpectedly pulled most engineering resources away from ACMEv2 and wildcard support for approximately two weeks.

We introduced a public test API endpoint for the ACME v2 protocol and wildcard support on January 4, 2018. Thank you to everyone who has provided feedback on the staging endpoint.

We will provide updates here weekly and encourage client developers to continue to utilize the staging endpoint to prepare for ACMEv2 and wildcard issuance.

February 27 Update: There are no known major issues with the ACMEv2/wildcard test endpoint. ACMEv2 and wildcard support quality assurance is continuing. No release date to announce yet.

March 5 Update: Testing continues. We’ve found and fixed at least one major issue with ACMEv2 support and made a number of improvements since the last update here. No release date yet but we’re getting closer. Thank you for your patience.

March 13 Update: ACMEv2 and wildcard certificate support is live. Thank you for your patience!

Wildcards official launch

Wildcard via manual DNS editing

How to issue wildcard certificate for a domain from letsencrypt

Acme.sh supports ACME v2 wildcard now

Wildcard Support

Certbot 0.22.0 Release with ACMEv2 and Wildcard Support

Acme.sh supports ACME v2 wildcard now

Certbot 0.22.0 Release with ACMEv2 and Wildcard Support

Wild card certificate

Wildcard SSl Certificate

ACMEv2 Endpoint URL

josh 2018-02-20 18:51:20 UTC #2

chaz6 2018-02-21 09:26:33 UTC #3

Thanks for putting quality first.

cpu 2018-02-27 15:03:23 UTC #4

2 posts were split to a new topic: Is ACMEv2/wildcard testing available?

cynthia 2018-02-23 20:20:29 UTC #6

While I am really hyped for the wildcard release, I do appreciate that you want it to be great/perfect before launch.

chriscpritchard 2018-02-24 11:22:15 UTC #7

Thanks, is it worth popping this on the blog / front page - I stumbled across it by accident!

cpu 2018-02-27 15:04:02 UTC #8

5 posts were split to a new topic: Certbot ACMEv2/Wildcard support

cpu 2018-02-26 17:50:08 UTC #10

A post was split to a new topic: Cloudflare & Wildcard ACMEv2 Certificates - Compatible?

cpu 2018-02-27 15:02:31 UTC #14

2 posts were split to a new topic: Wildcard issuance validation method(s)?

cpu 2018-02-27 15:01:37 UTC #16

A post was split to a new topic: ISPManager - ACMEv2 / Wildcard compatible?

narychen 2018-02-27 14:28:32 UTC #17

Today is Feb 27. When will it be OK ?

cpu 2018-02-27 15:05:06 UTC #18

@narychen - Please read the post from @josh at the top of this thread.

narychen 2018-02-27 16:20:27 UTC #19

We really need this and recently we need to use it to build our new product.
How long will it be delayed ? Just a few days or a few months ?

stba 2018-02-27 21:21:41 UTC #20

With respect @josh, quality of service has to be about more than just the new service not breaking. Keeping your promises, and your users informed when you can’t keep them - i.e. expectations management - really matters to quality of service too.

People are making plans in their lives and businesses around your announcements.

And although you announced this here 7 days ago, not everyone is on your community pages, and your homepage’s latest update still bills Tuesday, February 27 as launch date for ACMEv2. Why have you not updated it?

I couldn’t find anything in your Twitter feed about the delay either. Why haven’t you posted there?

I had to hunt around for half an hour to find your post here.

And to add salt to the wounds, it sounds like you had reason to suspect the ACMEv2 launch could be delayed weeks ago (you first posted about TLS-SNI deprecation on January 18).

So it doesn’t come across at all well, that you’re now delaying the ACMEv2 launch - indefinitely!

How about:

Saying sorry.
Working out a new release date.
Updating your website homepage so as not to mislead any other prospective users of ACMEv2.

Osiris 2018-02-27 21:35:35 UTC #21

@stba Although there are indeed many things with room for improvement, Let’s Encrypt is a not-for-profit organisation running on donated and sponsored money, issuing millions of certificates for free. I understand your frustrations and I can sympathise, but IMHO you can’t expect top-notch excellence as you might get from a company with thousands of employees. Let’s Encrypt has a rather small staff and I’m sure @josh has many, MANY important other things to do, although it might not be ~~very~~ visible to the outside world.

ashishdungdung 2018-02-27 22:16:04 UTC #22

We can only wait, so let’s wait patiently.

chriscpritchard 2018-02-28 06:22:35 UTC #23

I appreciate what letsencrypt is doing, and I appreciate that we’re getting updates here but in reality an update on the home page / blog would be reasonably quick and make sure it’s much more visible! It’s not that obvious what’s going on for people who aren’t a member of the community.

Osiris 2018-02-28 06:27:36 UTC #24

Although I agree a news post on the home page would have been the best way to inform the most people, it’s best to check the following page: https://letsencrypt.org/upcoming-features/

nicrats 2018-02-28 06:42:46 UTC #25

According to https://letsencrypt.org/upcoming-features/, it should be here by the end of March then?

Wildcard Certificates
ETA: Q1 2018

Jimmy_London 2018-02-28 08:54:05 UTC #26

First, thanks for all you are doing. It is very much appreciated.

I agree that a message on the webpage would save a lot of people a lot of trouble. I also had to be lucky to find this page announcing the delay. I wish it had been more straight-forward. I am sure many people who would need the information will miss it.

I have been waiting since early january. I hope it won’t be too long.