How do we know if we are affected by this?
Ending TLS Client Authentication Certificate Support in 2026
1 Like
What do you use Let's Encrypt certificates for?
Quoting from the blog post:
Most users who use Let’s Encrypt to secure websites won’t be affected and won’t need to take any action. However, if you use Let’s Encrypt certificates as client certificates to authenticate to a server, this change may impact you.
4 Likes
Mainly for accessing websites so traditional HTTPS certs. But would like to have a way to validate in case there are any using client certificates.
If you aren't sure if you are using Let's Encrypt for client certificates, you probably aren't
Certificates require very specific configuration to be used in that manner.
Let's Encrypt is just removing the EKU from the certificate. They don't have any way of knowing if you are using them for client validation or not.
6 Likes
I kind of have the same question. My mail server is configured to use the Let's Encrypt certificate. Haven't yet figured out if that will be an issue.
In general, if your server/app/whatever is transmitting a Let's Encrypt certificate to another server/app/whatever to authenticate itself as a client then you would be affected. Think of this as using of a certificate as a credential rather than as a means of establishing secure TLS communications.
2 Likes
Try the certificate with tlsserver profile.
1 Like