End of Life Plan for ACMEv1

The original protocol used by Let’s Encrypt for certificate issuance and management is called ACMEv1. In March of 2018 we introduced support for ACMEv2, a newer version of the protocol that matches what was finalized today as RFC 8555. We have been encouraging subscribers to move to the ACMEv2 protocol.

Today we are announcing an end of life plan for ACMEv1.

In November of 2019 we will stop allowing new account registrations through our ACMEv1 API endpoint. Existing accounts will continue to function normally.

In June of 2020 we will stop allowing new domains to validate via ACMEv1.

Starting at the beginning of 2021 we will occasionally disable ACMEv1 issuance and renewal for periods of 24 hours, no more than once per month (OCSP service will not be affected). The intention is to induce client errors that might encourage subscribers to update to clients or configurations that use ACMEv2. Renewal failures should be limited since new domain validations will already be disabled and we recommend renewing certificates 30 days before they expire.

In June of 2021 we will entirely disable ACMEv1 as a viable way to get a Let’s Encrypt certificate.

We would like to remind people reading this about an upcoming change to our ACMEv2 support. Starting in November 2019 we will no longer allow unauthenticated resource GETs when using ACMEv2.

14 Likes

In preparation for the production turn down of ACME v1 we are planning to disable new ACME v1 registrations in the staging environment during the following dates of this year.

  • August 6th to August 7th

  • August 13th to August 15th

  • August 27th to Sept 3rd

We will be permanently disabling new ACME v1 registrations in the staging environment on October 1st.

As a reminder in November we will disabling ACME v1 registrations in the production environment as well. Please use these progressively longer staging brown-outs to verify that your organization will not be affected by the start of the production ACME v1 end of life in November. We will announce similar brown-out dates for production in the near future.

We’ve made a public Google calendar with these dates and other scheduled ACME API events that may be helpful to others.

Thanks!

7 Likes

Reminder that tomorrow will be the end of new ACME v1 registrations in the staging environment.

We will be beginning brown-outs for new ACME v1 registrations for the production environment for the following dates of this year:

  • October 10th to October 11th
  • October 16th to October 18th
  • October 31st onward

We will be permanently disabling new ACME v1 registrations in the production environment on October 31st.

The Google calendar of scheduled ACME events will be updated accordingly.

Thanks!

5 Likes

The first of the production brownouts for new ACMEv1 registrations has begun. We won’t necessarily post here for each one. Subscribe to the detailed status updates at https://letsencrypt.status.io if you’d like to be notified.

2 Likes