Let's Encrypt Stopping Issuance for Potential Incident
Let’s Encrypt halted all certificate issuance across production and staging on May 8, 2026 at 18:37 UTC—a compliance-triggered shutdown affecting one of the web’s most critical CA infrastructures.
What Matters
- All issuance stopped simultaneously across acme-v02 production, staging, and portal endpoints at both high-assurance datacenters.
- Shutdown was compliance-driven, not necessarily a key compromise; CAs are required to halt if issued certs may be non-compliant.
- Operators running standard 90-day certs have ~30 days of renewal leeway before expiry becomes critical.
- Operators using newly announced 6-day short-lived certs face near-immediate exposure if outage extends.
- [HN: @jaas] LE staff confirmed: “This is a compliance incident, we should be issuing again shortly.”
- [HN: @jaas] Stopping all issuance is a required CA action when non-compliance is suspected—not inherently a sign of key compromise or catastrophic failure.
- ZeroSSL and other ACME CAs are functional fallbacks; cert clients supporting multiple ACME endpoints can failover now.
