Letsencrypt is Ending TLS Client Authentication EKU Certificates in 2026

What

Letsencrypt is ending Extended Key Usage (EKU) certificates for TLS Client Authentication for client side authentication in 2026.

Summary

Letsencrypt, an online certificate authority, has announced on their website that they plan to "no longer include the “TLS Client Authentication” Extended Key Usage (EKU) in our certificates beginning in 2026"¹.
This will effect email servers using these certificates to authenticate email users using said email servers.

Chrome Root Store policy change.

When

Beginning in 2026.

Where

Any services using Letsencrypt certificates.

Sources

https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/
https://news.ycombinator.com/item?id=44003349
https://social.wildeboer.net/@jwildeboer/114516238307785904

https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/ ↩︎

Published in: Technology

Tags: letsencrypt, ssl certificates

Letsencrypt is Ending TLS Client Authentication EKU Certificates in 2026

What

Summary

Why

When

Where

Sources

This page has been accessed 28 times.

This page was last updated Fri May 16 15:54:46 2025 EDT