Upcoming Let’s Encrypt Profile Changes On May 13

mcpherrinm · May 6, 2026, 6:53pm

Let’s Encrypt will be making three previously-announced changes in one week, on May 13, 2026:

The tlsserver ACME profile will switch to 45-day certificates. This profile is opt-in, for use by early adopters. The full timeline of shortening our certificates’ lifetime to 45 days over the next two years can be found in our blog post, Decreasing Certificate Lifetimes to 45 Days.
The tlsclient ACME profile will only be available to ACME accounts which have previously requested a certificate from that profile. That profile will be available until July 8, 2026. For more details, see Ending TLS Client Authentication Certificate Support.
The classic ACME profile will switch to using our new "Generation Y" intermediates. These intermediates chain to our existing X1 and X2 roots, so this change should not introduce compatibility issues.

These changes are live in our staging environment now.

You can learn more about profiles here.

Topic		Replies	Views
RE: upcoming-changes-to-let-s-encrypt-certificates Help	7	601	January 22, 2026
Upcoming Changes to Let’s Encrypt Certificates API Announcements	2	31051	January 7, 2026
Will tlssever profile switch to 45 days next week? Issuance Policy	2	170	May 6, 2026
Ending TLS Client Authentication Certificate Support in 2026 API Announcements	5	2588	February 11, 2026
Sunsetting of Client EKU Help	16	742	April 17, 2026