End of Life Plan for ACMEv1

We have re-enabled the ACMEv1 API in Staging and Production. The next brownout will begin 2021-02-25 and last for 24 hours.

Edit:
I mistakenly wrote in the status.io update that the next maintenance would be 2021-03-15, but that was incorrect. I've cleaned my glasses off and confirmed that my eyes are working again.

9 Likes

We have disabled the ACMEv1 API in Staging and Production in line with our ACMEv1 deprecation plans. This brownout will last approximately 48 hours.

We will update our status page maintenance window and this thread when the brownout has been completed.

6 Likes

We have re-enabled the ACMEv1 API in Staging and Production. If the last 48 hours were not disruptive for you, then we hope that means you have already switched to ACMEv2, and we thank you :smile:.

The next brownout will begin 2021-03-24 and will also last approximately 48 hours. We will not necessarily update this thread for each brownout.

6 Likes

We are fast approaching the end of life for ACMEv1. In fewer than 30 days, the service will be disabled in production and all subscribers will need to use our ACMEv2 endpoints to obtain a certificate. Below is a list of the remaining brown-out dates before we disable ACMEv1 on June 1, 2021.

11 Likes

We are in the middle of the final brownout for ACMEv1. We will end the brownout on Tuesday, May 25th and there will be one week before we entirely disable ACMEv1 as a viable way to get a Let's Encrypt certificate.

Beginning June 1st, users who attempt issuance with ACMEv1 will be returned this message:

ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software to do so.

If you need help updating your client software please look at this thread:

8 Likes

We have fully turned off the ACMEv1 API as a viable way to get a Let’s Encrypt certificate. Users will see this message when they attempt to issue a certificate with the ACMEv1 API:

ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software to do so.

If you have a certificate issued from the ACMEv1 API it will continue to work until it expires. Before it expires, you should update your clients to use ACMEv2. If you need help updating your client software please look at Help thread for ACMEv1 EOL (June 2021) - Returned ACMEv1 is Deprecated Error Message

Prior to our final cutoff, only 0.6% of Let’s Encrypt issuance was done via ACMEv1. In January 2020, we started sending notifications about our ACMEv1 deprecation plan and timeline to subscribers who were using ACMEv1 and had an e-mail associated with their account. Since those e-mails started, we’ve done brownouts at each stage of deprecation to induce client errors for users that were not receiving e-mails. Additionally, we’ve been updating this thread with all the deprecation progress. Thanks to our subscribers, community, and many client developers who have worked with us along this journey to create a smooth transition to ACMEv2. We are now able to fully serve our subscribers with a version of the protocol that matches the finalized RFC and do not anticipate making any additional protocol switches.

17 Likes

More than 90 days have passed since we deprecated the ACMEv1 API and started returning an error message for subscribers to update their clients. Now, all certificates that were previously issued by that endpoint have expired. In continuation with the deprecation plans, we have removed the DNS records for acme-v01.api.letsencrypt.org and are no longer returning an error message. Users will now see general connection errors if they attempt to use the ACMEv1 endpoint.

14 Likes