The original protocol used by Let’s Encrypt for certificate issuance and management is called ACMEv1. In March of 2018 we introduced support for ACMEv2, a newer version of the protocol that matches what was finalized today as RFC 8555. We have been encouraging subscribers to move to the ACMEv2 protocol.
Today we are announcing an end of life plan for ACMEv1.
In November of 2019 we will stop allowing new account registrations through our ACMEv1 API endpoint. Existing accounts will continue to function normally.
In June of 2020 we will stop allowing new domains to validate via ACMEv1.
Starting at the beginning of 2021 we will occasionally disable ACMEv1 issuance and renewal for periods of 24 hours, no more than once per month (OCSP service will not be affected). The intention is to induce client errors that might encourage subscribers to update to clients or configurations that use ACMEv2. Renewal failures should be limited since new domain validations will already be disabled and we recommend renewing certificates 30 days before they expire.
In June of 2021 we will entirely disable ACMEv1 as a viable way to get a Let’s Encrypt certificate.
We would like to remind people reading this about an upcoming change to our ACMEv2 support. Starting in November 2020 we will no longer allow unauthenticated resource GETs when using ACMEv2.