Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
AnyDesk Critical 0-Day Vulnerability Lets Attackers Trigger DoS
July 16, 2026
Next.js Launches Monthly Security Releases, Patches 9 Vulnerabilities
July 16, 2026
SonicWall SMA 1000 Zero-Day Actively Exploited
July 16, 2026
Home/CyberSecurity News/Let’s Encrypt Halts Issuance Over Expired Root Certificate Bug
CyberSecurity News

Let’s Encrypt Halts Issuance Over Expired Root Certificate Bug

Key Takeaways Let’s Encrypt temporarily suspended all certificate issuance on May 8, 2026, due to an issue with an expired root certificate. The problem stemmed from a cross-signed certificate...

Marcus Rodriguez
Marcus Rodriguez
May 9, 2026 3 Min Read
51 0

Key Takeaways

  • Let’s Encrypt temporarily suspended all certificate issuance on May 8, 2026, due to an issue with an expired root certificate.
  • The problem stemmed from a cross-signed certificate linking the organization’s current Generation X root to its forthcoming Generation Y infrastructure.
  • Issuance was halted across production and staging environments, affecting ACME API endpoints and portal services.
  • Services resumed within hours, but all new certificate generation was rolled back to the Generation X root, specifically impacting the tlsserver and shortlived ACME profiles.
  • The incident occurred just five days before several major platform updates, including a shift to 45-day certificate lifetimes for tlsserver profiles.

Let’s Encrypt Halts Certificate Issuance Over Expired Root Certificate Flaw

Let’s Encrypt, a leading certificate authority, briefly ceased all certificate issuance on May 8, 2026, after engineers identified a critical problem involving an expired root certificate. The disruption arose from a cross-signed certificate intended to bridge the organization’s existing Generation X root with its planned Generation Y infrastructure, leading to a temporary shutdown of certificate services.

Table Of Content

  • Key Takeaways
  • Let’s Encrypt Halts Certificate Issuance Over Expired Root Certificate Flaw
  • Incident Response and Service Restoration
  • Impact on Upcoming Platform Changes
  • What You Should Do

Incident Response and Service Restoration

The incident began at 18:37 UTC on May 8 when Let’s Encrypt engineers detected a potential issue. As a precautionary measure, all certificate issuance was immediately suspended. This halt affected both production and staging ACME API endpoints, specifically acme-v02.api.letsencrypt.org and acme-staging-v02.api.letsencrypt.org, alongside associated portal environments hosted across two high-assurance data centers.

Within approximately two and a half hours, by 21:03 UTC, Let’s Encrypt confirmed that certificate issuance had resumed. However, as a direct consequence of the cross-signed certificate issue, all new certificate generation was reverted to the Generation X root. This rollback specifically impacts certificates issued under the tlsserver and shortlived ACME profiles.

Impact on Upcoming Platform Changes

The timing of this incident is particularly noteworthy, as Let’s Encrypt had previously announced a series of significant platform updates scheduled for May 13, 2026—just five days after the service interruption. These planned changes include:

  • The tlsserver ACME profile was set to begin issuing 45-day certificates, a step in Let’s Encrypt’s two-year roadmap to halve certificate lifetimes from 90 to 45 days.
  • The tlsclient profile, used for TLS client authentication certificates, was slated for restriction to ACME accounts that had previously requested certificates from that profile. Full support for tlsclient certificates is scheduled to end on July 8, 2026.
  • The classic ACME profile was also scheduled to transition to Generation Y intermediates, which chain to the existing X1 and X2 roots, aiming to maintain broad client compatibility.

Despite the recent root certificate issue, all three forthcoming changes are currently live in Let’s Encrypt’s staging environment and remain on track for their May 13 production rollout, pending a complete resolution of the underlying root certificate problem. Let’s Encrypt has not yet disclosed whether any improperly issued certificates were distributed during the brief window before issuance was halted.

What You Should Do

  • Administrators utilizing automated ACME-based renewal workflows, especially those relying on the tlsserver or shortlived profiles, should meticulously review their renewal logs.
  • Verify that any certificates issued around the May 8, 2026, incident window correctly chain to the expected Generation X root.
  • Stay informed by monitoring updates and community support available at community.letsencrypt.org for further guidance and announcements.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

New Modular RAT Steals Credentials and Captures Screenshots

Next Post

Critical Microsoft 365 Copilot Vulnerabilities Expose Sensitive Data

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Dutch Police Dismantle €100M Investment Fraud Network, 20 Call Centers Shut Down
July 16, 2026
JetBrains Patches 6 Vulnerabilities in TeamCity, YouTrack, IntelliJ IDEA
July 16, 2026
WhatsApp GhostPairing Flaw Lets Attackers Hijack Accounts
July 16, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Emy Elsamnoudy
Emy Elsamnoudy
Jennifer sherman
Jennifer sherman
Let's Connect
156k
2.25m
285k

Related Posts

Emy Elsamnoudy
By Emy Elsamnoudy
CyberSecurity News

Top 10 High-Risk Vulnerabilities Of 2025 that Exploited in the Wild

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
CyberSecurity News

WhatsApp Crypt Tool to Encrypt and Decrypt WhatsApp Backups

January 1, 2026
Marcus Rodriguez
By Marcus Rodriguez
CyberSecurity News

US Cyber Pros Plead Guilty as ALPHV/Black Security

January 1, 2026
Jennifer sherman
By Jennifer sherman
CyberSecurity News

Critical IBM API Connect Vulnerability Let Attackers Bypass Logins

January 2, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us