alt Hacker NewsLet’s Encrypt – Stopping Issuance for Potential Incident
Comments
That's really not good. Fortunately I'm not using any short-lived certificates like the recently announced 6 day certs, so have some breathing room. Without further details, I'd imagine anyone with a short-lived cert is getting a bit sweaty right now.
Let's Encrypt has become one of those pieces of critical Internet infrastructure that just quietly hums away in the background, the fact that they've stopped ALL issuance is deeply concerning.
It's certainly an incident when ceasing to issue certificates... after doing absolutely everything, including limiting lifetime, to encourage their frequent renewal
There is one little-discussed down side to ever shorter-lived certificates...
Hopefully it's just a technical issue and not something like a key compromise. This could have disastrous effects considering how much of the web runs on LE certs these days.
Granted if it's configured properly everyone should have 30 days of leeway before having to issue new certs...
Related Cloudflare issue: https://www.cloudflarestatus.com/incidents/z3vgxxfvt3yb
They had scheduled maintenance a few hours ago, https://letsencrypt.status.io/pages/maintenance/55957a99e800...
The title is misspelled. It's “Let's Encrypt”, with an apostrophe.
Issuance was stopped almost 2 hours ago: May 8, 2026 18:37 UTC.
Hopefully just a minor mississuance incident and not something more serious.
in other news, Digicert's Secure Site Pro certificates are down to only $5,880.00 yearly for one wildcard domain!
Some other internet things going on to Discord, Cloudflare, and others.
Unsure if related in any way.
Here's hoping it's not another security nightmare...
This is a compliance incident, we should be issuing again shortly.
Update: Issuance is back up.
Update: Preliminary incident report:
https://bugzilla.mozilla.org/show_bug.cgi?id=2038351