You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/en/upcoming-features.md
+9-4Lines changed: 9 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,7 +1,7 @@
1
1
---
2
2
title: Upcoming Features
3
3
slug: upcoming-features
4
-
lastmod: 2025-07-31
4
+
lastmod: 2025-12-12
5
5
show_lastmod: 1
6
6
---
7
7
@@ -19,7 +19,12 @@ Around the end of 2025, we intend to allow any client which requests a shortlive
19
19
20
20
## Removal of TLS Client Authentication EKU
21
21
22
-
On Feb 11, 2026, we intend to [remove the "TLS Client Authentication" Extended Key Usage (EKU)](https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/) from our default certificate profile. Prior to that date, we will offer an alternative profile which will still contain that EKU, but note that this will be a temporary stop-gap for clients that need more time to migrate away from needing it: that alternate profile will go away on May 13, 2026.
22
+
On February 11, 2026, we intend to [remove the "TLS Client Authentication" Extended Key Usage (EKU)](https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/) from our default certificate profile. Prior to that date, we will offer an alternative profile which will still contain that EKU, but note that this will be a temporary stop-gap for clients that need more time to migrate away from needing it: that alternate profile will go away on May 13, 2026.
23
+
24
+
## Decreasing Certificate Lifetimes to 45 Days
25
+
26
+
To comply with CA/Browser Forum Baseline Requirement changes, we are
27
+
[decreasing certificate lifetimes to 45 days](https://letsencrypt.org/2025/12/02/from-90-to-45). We will first decrease to 64 days on February 10, 2027, and then to 45 days on February 16, 2028. We are also decreasing the authorization reuse period to 10 days, then 7 hours.
23
28
24
29
# Completed Features
25
30
@@ -43,10 +48,10 @@ Clients which support the [draft ACME Profiles extension](https://www.ietf.org/a
We now operate Certificate Transparency (CT) logs which conform to the new [Static CT API Spec](https://c2sp.org/static-ct-api), running the [Sunlight](https://github.com/FiloSottile/sunlight) software. Now that various CT log programs have updated their policies to accept this new kind of log, we intend to submit our logs for inclusion in those programs soon.
51
+
We now operate Certificate Transparency (CT) logs which conform to the new [Static CT API Spec](https://c2sp.org/static-ct-api), running the [Sunlight](https://github.com/FiloSottile/sunlight) software. These logs are now usable to fulfill browser's CT requirements. The [CT Logs Documentation](https://letsencrypt.org/docs/ct-logs/) has a list of our current logs.
We now provide suggested renewal windows for all issued certificates, which clients can query using the [ACME ARI extension](https://www.ietf.org/archive/id/draft-ietf-acme-ari-08.html).
57
+
We now provide suggested renewal windows for all issued certificates, which clients can query using the [ACME ARI extension](https://www.rfc-editor.org/rfc/rfc9773.html).
0 commit comments