End of Life Plan for ACMEv1

As planned, we will be turning off ACMEv1 validations for new domains during the month of June. We will be following the schedule below for disabling new ACMEv1 validations.

  • May 13th: Permanently disable staging new validations.

  • June 1st: Disable production new validations for 24 hours.

  • June 9th: Disable production new validations for 24 hours.

  • June 17th: Disable production new validations for 24 hours.

  • June 24th: Disable production new validations for 72 hours.


  • July 2nd: Permanently disable production new validations.

Please use these progressively longer production brown-outs to verify that your organization will not be affected.

We’ve updated the public Google calendar with these dates and other scheduled ACME API events that may be helpful.

Thanks!

10 Likes

We have disabled staging ACMEv1 validations for new domains.

8 Likes

We have disabled ACMEv1 New Validations in Production. This brownout will last 24 hours. We won’t necessarily post here for each one. Subscribe to the detailed status updates at https://letsencrypt.status.io if you’d like to be notified.

5 Likes

We have ended the brownout earlier than scheduled. ACMEv01 New Validations are now available again in Production.

The next brownout will be June 9th.

3 Likes

We are disabling ACMEv1 New Validations in Production. This brownout will last 24 hours. We won’t necessarily post here for each one. Subscribe to the detailed status updates at https://letsencrypt.status.io if you’d like to be notified.

3 Likes

We are disabling ACMEv1 New Validations in Production. This brownout will last 24 hours. We won’t necessarily post here for each one. Subscribe to the detailed status updates at https://letsencrypt.status.io if you’d like to be notified.

3 Likes

We have permanently disabled ACMEv1 Validations for New Domains in Production.

12 Likes

In preparation for the full shut-off of the ACMEv1 API in June 2021, we will have occasional ACMEv1 issuance and renewal brown-outs each month. The schedule below outlines our plan and our API announcements calendar is updated accordingly.

We previously indicated that these brown-outs would be once a month and not more than 24 hours in length. We feel that schedule won't alert the greatest number of subscribers who use ACMEv1 so we have planned several brown-outs each month of increasing length covering various times of month and days of week. As stated in the original announcement, the intention is to induce client errors that encourage subscribers to update to clients or configurations that use ACMEv2.

Please use these progressively longer brown-outs to verify that your organization will not be affected when we entirely disable ACMEv1 as a viable way to get a Let's Encrypt Certificate.


January

  • Thursday, 14th (6 hours)
  • Tuesday, 26th (6 hours)

February

  • Wednesday, 10th - Thursday, 11th (24 hours)
  • Thursday, 25th - Friday, 26th (24 hours)

March

  • Monday, 15th - Tuesday, 16th (48 hours)
  • Wednesday, 24th - Thursday, 25th (48 hours)

April

  • Tuesday, 6th - Thursday, 8th (72 hours)
  • Friday, 23rd - Sunday, 25th (72 hours)

May

  • Thursday, 6th - Monday 10th (5 days)
  • Tuesday, 18th - Tuesday, 25th (7 days)

June

  • Tuesday, 1st - turn off completely

What about the Staging ACMEv1 API?

The Staging ACMEv1 API will be fully disabled on 26 March 2021. Until that date, it will undergo brownouts on the same schedule as the Production ones above.

17 Likes

We have disabled the ACMEv1 API in Staging and Production in line with our ACMEv1 deprecation plans. This brownout will last aproximately 6 hours.

Will update our status page maintenance window and this thread when the brownout is completed.

Please note, this brownout includes the Staging ACMEv1 API. We realized this endpoint was not listed in our original plans and have decided that Staging brownouts will occur in line with production until the end of March when we will fully disable ACMEv1 in Staging. The previous post has been updated with this information.

10 Likes

We have re-enabled the ACMEv1 API in Staging and Production. The next brownout will begin 2021-01-26.

We won’t necessarily post here for each one. Subscribe to the detailed status updates at https://letsencrypt.status.io if you’d like to be notified.

6 Likes

We have disabled the ACMEv1 API in Staging and Production in line with our ACMEv1 deprecation plans. This brownout will last aproximately 6 hours.

We will update our status page maintenance window and this thread when the brownout is completed.

5 Likes

We have re-enabled the ACMEv1 API in Staging and Production. The next brownout will begin 2021-02-10.

We won’t necessarily post here for each one.

5 Likes

We have disabled the ACMEv1 API in Staging and Production in line with our ACMEv1 deprecation plans. This brownout will last aproximately 24 hours.

We will update our status page maintenance window and this thread when the brownout has been completed.

7 Likes

We have re-enabled the ACMEv1 API in Staging and Production. The next brownout will begin 2021-02-25 and last for 24 hours.

Edit:
I mistakenly wrote in the status.io update that the next maintenance would be 2021-03-15, but that was incorrect. I've cleaned my glasses off and confirmed that my eyes are working again.

8 Likes

We have disabled the ACMEv1 API in Staging and Production in line with our ACMEv1 deprecation plans. This brownout will last approximately 48 hours.

We will update our status page maintenance window and this thread when the brownout has been completed.

5 Likes

We have re-enabled the ACMEv1 API in Staging and Production. If the last 48 hours were not disruptive for you, then we hope that means you have already switched to ACMEv2, and we thank you :smile: .

The next brownout will begin 2021-03-24 an will also last approximately 48 hours. We will not necessarily update this thread for each brownout.

6 Likes

We are fast approaching the end of life for ACMEv1. In fewer than 30 days, the service will be disabled in production and all subscribers will need to use our ACMEv2 endpoints to obtain a certificate. Below is a list of the remaining brown-out dates before we disable ACMEv1 on June 1, 2021.

10 Likes

We are in the middle of the final brownout for ACMEv1. We will end the brownout on Tuesday, May 25th and there will be one week before we entirely disable ACMEv1 as a viable way to get a Let's Encrypt certificate.

Beginning June 1st, users who attempt issuance with ACMEv1 will be returned this message:

ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software to do so.

If you need help updating your client software please look at this thread:

7 Likes

We have fully turned off the ACMEv1 API as a viable way to get a Let’s Encrypt certificate. Users will see this message when they attempt to issue a certificate with the ACMEv1 API:

ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software to do so.

If you have a certificate issued from the ACMEv1 API it will continue to work until it expires. Before it expires, you should update your clients to use ACMEv2. If you need help updating your client software please look at Help thread for ACMEv1 EOL (June 2021) - Returned ACMEv1 is Deprecated Error Message

Prior to our final cutoff, only 0.6% of Let’s Encrypt issuance was done via ACMEv1. In January 2020, we started sending notifications about our ACMEv1 deprecation plan and timeline to subscribers who were using ACMEv1 and had an e-mail associated with their account. Since those e-mails started, we’ve done brownouts at each stage of deprecation to induce client errors for users that were not receiving e-mails. Additionally, we’ve been updating this thread with all the deprecation progress. Thanks to our subscribers, community, and many client developers who have worked with us along this journey to create a smooth transition to ACMEv2. We are now able to fully serve our subscribers with a version of the protocol that matches the finalized RFC and do not anticipate making any additional protocol switches.

16 Likes