Hasty Briefsbeta

Let's Encrypt End of Life Plan for RFC 6962 Certificate Transparency Logs

10 days ago
https://letsencrypt.org/2025/08/14/rfc-6962-logs-eol
Copy Link
  • #Let’s Encrypt
  • #Certificate Transparency
  • #Web PKI
  • Let’s Encrypt will make RFC 6962 logs read-only on November 3, 2025, and shut them down entirely on February 9, 2026.
  • End users of Web PKI certificates do not need to take any action; the transition will be handled by Let’s Encrypt and browsers.
  • RFC 6962 logs are costly to operate at web scale, with annual cloud costs nearing seven figures due to relational database storage.
  • The Static CT API, introduced in 2023, offers a more cost-effective and scalable alternative to RFC 6962 logs.
  • Static CT logs eliminate the Maximum Merge Delay (MMD) issue, improving reliability and reducing operational disruptions.
  • Static CT logs use static tiles for data storage, enabling efficient caching and reducing the need for expensive database infrastructure.
  • Let’s Encrypt has submitted new Static CT API logs for inclusion in certificate transparency programs and will switch fully to this new architecture.
  • Certificate authorities may need to update their configurations to submit to the new logs, and monitoring software may require updates to support the new API.
AboutLogin