Single post

jump to replies
mirabilos🐈‍⬛ , @mirabilos@toot.mirbsd.org
(open profile)

What the actual fuck, #LetsEncrypt

Let’s Encrypt will no longer include the “TLS Client Authentication” Extended Key Usage (EKU) in our certificates beginning in 2026.

That makes them unusable for SMTP servers. Gah!

Anyone got a usable alternative that doesn’t ruin financially?

Update: I’m in communication with them, let’s hope they recognise the usefulness.

Update 2: turns out it’s Google forcing this down the throat of all CAs that want to be recognised by Chrome as valid. I’m sure Google only accidentally decided on a new policy that breaks some SMTP and probably all XMPP use cases… 🤬

1 visible reply; 2 more replies hidden or not public

back to top