101

Lets Encrypt Ending TLS Client Authentication Certificate Support in 2026 (letsencrypt.org)

submitted 4 days ago by recursive_recursion@lemmy.ca to c/linux@programming.dev

10 comments fedilink hide all child comments

cross-posted from: https://lemmy.bestiver.se/post/390337

Comments

you are viewing a single comment's thread
view the rest of the comments

[-] drspod@lemmy.ml 1 points 4 days ago

but maybe I’m missing something.

Yes, FTA:

May 13, 2026: the tlsclient ACME profile will no longer be available and no further certificates with the Client Authentication EKU will be issued.
...
Once this is completed, Let’s Encrypt will switch to issuing with new intermediate Certificate Authorities which also do not contain the TLS Client Authentication EKU.
...
After this change is complete, only TLS Server Authentication will be available from Let’s Encrypt.

[-] just_another_person@lemmy.world 1 points 3 days ago

Yes, that's the same thing. Removing it from one place, and just adding it to another. No big deal.

I honestly don't think many people were even using this feature compared to SSL certs. Anyone using TLS everywhere already has their own cert manager workflow, othey'd be using another system to do it ala k8s, or they'd be doing it at the network fabric instead of per-service. I can't think of many use-cases where regular users of LE would have a TLS-enabled public service they would need other random users to trust. I'm sure there's some, but nowhere on the scale of their SSL users.

[-] drspod@lemmy.ml 2 points 3 days ago

Yes, that’s the same thing. Removing it from one place, and just adding it to another.

Adding it where?

this post was submitted on 18 May 2025

101 points (98.1% liked)

Linux

7387 readers

53 users here now

A community for everything relating to the GNU/Linux operating system

Also check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev