Techly NewsGet the app

Get the latest tech news

Ending TLS Client Authentication Certificate Support in 2026


Let’s Encrypt will no longer include the “TLS Client Authentication” Extended Key Usage (EKU) in our certificates beginning in 2026. Most users who use Let’s Encrypt to secure websites won’t be affected and won’t need to take any action. However, if you use Let’s Encrypt certificates as client certificates to authenticate to a server, this change may impact you. To minimize disruption, Let’s Encrypt will roll this change out in multiple stages, using ACME Profiles:

Let’s Encrypt will no longer include the “TLS Client Authentication” Extended Key Usage (EKU) in our certificates beginning in 2026. October 1, 2025: Let’s Encrypt will launch a new tlsclient ACME profile which will retain the TLS Client Authentication EKU. Once this is completed, Let’s Encrypt will switch to issuing with new intermediate Certificate Authorities which also do not contain the TLS Client Authentication EKU.

Get the Android app

Or read this on Hacker News

« Beta.weather.gov
Mice grow bigger brains when given this stretch of human DNA »