Public
- Public
- Network
- Groups
- Featured
- Popular
- People

After this change is complete, only TLS Server Authentication will be available from Let’s Encrypt. This change is prompted by changes to Google Chrome’s root program requirements, which impose a June 2026 deadline to split TLS Client and Server Authentication into separate PKIs. Many uses of client authentication are better served by a private certificate authority, and so Let’s Encrypt is discontinuing support for TLS Client Authentication ahead of this deadline.

Download link

After this change is complete, only TLS Server Authentication will be available from Let’s Encrypt. This change is prompted by changes to Google Chrome’s root program requirements, which impose a June 2026 deadline to split TLS Client and Server Authentication into separate PKIs. Many uses of client authentication are better served by a private certificate authority, and so Let’s Encrypt is discontinuing support for TLS Client Authentication ahead of this deadline.
https://cdn.masto.host/socialwildeboernet/media_attachments/files/114/516/267/865/924/101/original/11c94f24213a7ade.png

Notices where this attachment appears

Embed this notice
Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Friday, 16-May-2025 19:21:58 JST Jan Wildeboer 😷:krulorange:

Dear #Letsencrypt, you helped secure millions and millions of servers, not just web servers. But your announcement at https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/ about ending Ending TLS Client Authentication Certificate Support in 2026 because Google changes their requirements would result in your certificates becoming a risk for SMTP servers. You are literally risking an email collapse for many mailserver owners just to please Google? Please think again. Please.
1/5

In conversation about 19 days ago from social.wildeboer.net permalink