Removal of Client EKU Clarification

bibliobraggins · July 9, 2025, 6:51pm

I use LetsEncrypt certificates for a webserver performing mTLS authentication.
I simply want to clarify/confirm my understanding of the changes from:
Ending TLS Client Authentication Certificate Support in 2026

"if you use Let’s Encrypt certificates as client certificates to authenticate to a server, this change may impact you.".

I'm assuming that my use case is not affected, as LE certs are only ever used as the server side certificate in a given connection.

Can someone from LE confirm?

mcpherrinm · July 9, 2025, 6:52pm

Correct.

Osiris · July 9, 2025, 7:21pm

mTLS is only affected if you're using Let's Encrypt certificates on the client side. But usually the client certificate is issued by a private CA.

system · August 8, 2025, 7:21pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How do we verify if we are affected by the last announcement? Help	7	246	June 13, 2025
Generating mTLS client certs Client dev	5	4583	June 20, 2024
Ending TLS Client Authentication Certificate Support in 2026 API Announcements	3	1926	October 1, 2025
Certificate Based user authentication Client dev	4	5171	December 6, 2016
Do NOT remove TLS Client Auth EKU! Feature Requests	126	6047	July 11, 2025