ACMEv2 and Wildcard Launch Delay

josh · 2018-02-20 18:50:34 UTC

We previously communicated that we would launch ACMEv2 and wildcard certificate support on February 27th. ACMEv2 and wildcard support is nearly ready but we will be delaying the full launch in order to give our teams more time to complete testing and quality assurance activities. While we work hard to hit deadlines, we are inclined to prioritize a quality release over hitting a deadline.

The biggest reason for this delay is the recent TLS-SNI deprecation. This unexpectedly pulled most engineering resources away from ACMEv2 and wildcard support for approximately two weeks.

We introduced a public test API endpoint for the ACME v2 protocol and wildcard support on January 4, 2018. Thank you to everyone who has provided feedback on the staging endpoint.

We will provide updates here weekly and encourage client developers to continue to utilize the staging endpoint to prepare for ACMEv2 and wildcard issuance.

February 27 Update: There are no known major issues with the ACMEv2/wildcard test endpoint. ACMEv2 and wildcard support quality assurance is continuing. No release date to announce yet.

March 5 Update: Testing continues. We’ve found and fixed at least one major issue with ACMEv2 support and made a number of improvements since the last update here. No release date yet but we’re getting closer. Thank you for your patience.

March 13 Update: ACMEv2 and wildcard certificate support is live. Thank you for your patience!

josh · 2018-02-20 18:51:20 UTC

chaz6 · 2018-02-21 09:26:33 UTC

Thanks for putting quality first.

cpu · 2018-02-27 15:03:23 UTC

2 posts were split to a new topic: Is ACMEv2/wildcard testing available?

cynthia · 2018-02-23 20:20:29 UTC

While I am really hyped for the wildcard release, I do appreciate that you want it to be great/perfect before launch.

chriscpritchard · 2018-02-24 11:22:15 UTC

Thanks, is it worth popping this on the blog / front page - I stumbled across it by accident!

cpu · 2018-02-27 15:04:02 UTC

5 posts were split to a new topic: Certbot ACMEv2/Wildcard support

cpu · 2018-02-26 17:50:08 UTC

A post was split to a new topic: Cloudflare & Wildcard ACMEv2 Certificates - Compatible?

cpu · 2018-02-27 15:02:31 UTC

2 posts were split to a new topic: Wildcard issuance validation method(s)?

cpu · 2018-02-27 15:01:37 UTC

A post was split to a new topic: ISPManager - ACMEv2 / Wildcard compatible?

narychen · 2018-02-27 14:28:32 UTC

Today is Feb 27. When will it be OK ?

cpu · 2018-02-27 15:05:06 UTC

@narychen - Please read the post from @josh at the top of this thread.

narychen · 2018-02-27 16:20:27 UTC

We really need this and recently we need to use it to build our new product.
How long will it be delayed ? Just a few days or a few months ?

stba · 2018-02-27 21:21:41 UTC

With respect @josh, quality of service has to be about more than just the new service not breaking. Keeping your promises, and your users informed when you can’t keep them - i.e. expectations management - really matters to quality of service too.

People are making plans in their lives and businesses around your announcements.

And although you announced this here 7 days ago, not everyone is on your community pages, and your homepage’s latest update still bills Tuesday, February 27 as launch date for ACMEv2. Why have you not updated it?

I couldn’t find anything in your Twitter feed about the delay either. Why haven’t you posted there?

I had to hunt around for half an hour to find your post here.

And to add salt to the wounds, it sounds like you had reason to suspect the ACMEv2 launch could be delayed weeks ago (you first posted about TLS-SNI deprecation on January 18).

So it doesn’t come across at all well, that you’re now delaying the ACMEv2 launch - indefinitely!

How about:

Saying sorry.
Working out a new release date.
Updating your website homepage so as not to mislead any other prospective users of ACMEv2.

Osiris · 2018-02-27 21:35:35 UTC

@stba Although there are indeed many things with room for improvement, Let’s Encrypt is a not-for-profit organisation running on donated and sponsored money, issuing millions of certificates for free. I understand your frustrations and I can sympathise, but IMHO you can’t expect top-notch excellence as you might get from a company with thousands of employees. Let’s Encrypt has a rather small staff and I’m sure @josh has many, MANY important other things to do, although it might not be ~~very~~ visible to the outside world.

ashishdungdung · 2018-02-27 22:16:04 UTC

We can only wait, so let’s wait patiently.

chriscpritchard · 2018-02-28 06:22:35 UTC

I appreciate what letsencrypt is doing, and I appreciate that we’re getting updates here but in reality an update on the home page / blog would be reasonably quick and make sure it’s much more visible! It’s not that obvious what’s going on for people who aren’t a member of the community.

Osiris · 2018-02-28 06:27:36 UTC

Although I agree a news post on the home page would have been the best way to inform the most people, it’s best to check the following page: https://letsencrypt.org/upcoming-features/

nicrats · 2018-02-28 06:42:46 UTC

According to https://letsencrypt.org/upcoming-features/, it should be here by the end of March then?

Wildcard Certificates
ETA: Q1 2018

Jimmy_London · 2018-02-28 08:54:05 UTC

First, thanks for all you are doing. It is very much appreciated.

I agree that a message on the webpage would save a lot of people a lot of trouble. I also had to be lucky to find this page announcing the delay. I wish it had been more straight-forward. I am sure many people who would need the information will miss it.

I have been waiting since early january. I hope it won’t be too long.