UPDATE: Let’s Encrypt has extended the lifetime of ACMEv1 until November 8th, extending the life of the API for 1 week. November 1st is now a production brownout date, so you may be affected by a loss of service on that date. For further information please read the following:
End of life for Let’s Encrypt Legacy, time to update!
In August, we shared in a blog post that the Let’s Encrypt original API, ACMEv1, would be reaching EOL (end of life) on October 31. Beginning in November, all new accounts will need to use the new API, ACMEv2. According to the Let’s Encrypt announcement, they will no longer allow new accounts to register using the Legacy Let’s Encrypt API after October 31. cPanel has developed a new plugin for Let’s Encrypt to use this new API. There are some important things we wanted to communicate as this deadline approaches.
What do I need to know?
cPanel chose to defer migrating to the new script as long as possible because it introduces a rate limit that impacts our Let’s Encrypt plugin users. This new rate limit is 300 certificate orders every three hours. That means the time has come to update to the new ACMEv2 Let’s Encrypt API because the legacy API will no longer accept new user registrations after October 31. If you are using cPanel & WHM Version 82 or earlier, and you have the Let’s Encrypt legacy API, you cannot create new registrations. The plugin will not work for users who have not already registered.
Will the plugin be backported?
We do not plan to backport the Let’s Encrypt Plugin for the current LTS version of cPanel & WHM. Servers running Versions 82 and earlier will continue to use the Legacy version of the Let’s Encrypt plugin. Because of this change, no new registrations can be added on those servers after October 31. If you are running Version 82 or earlier and you delete your server’s Let’s Encrypt registration, the plugin will stop working.
How does this affect me?
If you’re on Version 82 or earlier, you have until October 31 to register new users using the Legacy Let’s Encrypt plugin. You might encounter this if you are a new user who hasn’t used Let’s Encrypt before, or if you somehow deleted your registration. Let’s Encrypt began implementing their End Of Life plan for ACMEv1 on October 1, and will complete it on October 31. After that deadline, if you want to sign up for Let’s Encrypt, or if you delete your registration, you have two choices. You will need to either upgrade to Version 84 or switch to using the default cPanel SSL provider, which is powered by Sectigo, instead of the Let’s Encrypt plugin.
Have any questions?
Do you have any further concerns? Are you unsure how this change may impact you? Would you like to discuss your thoughts about this update? If so, please join our official Slack and Discord channels, or join us on our official cPanel subreddit.