Does the E1 allowlist apply to renewals?

Or just to newly issued ecdsa certificates?

And... when is it processed? :smiley:


The only difference between a "renewal" (having the same set of domains as a prior issuance) and a "new" certificate, from a technical perspective, is which rate limits apply. Once your ACME account is on the allowlist, all ECDSA-keyed CSRs submitted by that account get a cert signed by E1 instead of R3.

It's processed when they get around to updating Boulder's config files, usually when they do a release, so it generally takes a couple of weeks. They'll send you an email once they've added it.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.