Starting December 17th 2024 at 09:00 CET (UTC+1), EPP and our other web services will present TLS certificates signed by Let's Encrypt. This means that EPP clients - which do not already trust Let's Encrypt as a certificate authority - will need to be reconfigured.
In various systems (operating systems, browsers, etc.), the collection of root certificates of trusted certificate authorities is stored centrally (often referred to as a 'truststore'). Let's Encrypt is already established [1] in most of these, so in most cases the change will not require any action.
We will not be announcing future renewals of the EPP service's TLS certificates. Exceptions will be if we, for example, change certificate authorities, or to the underlying protocols. Further details are provided on our website [2].
The change is being rolled out in two parts:
- Test systems
- Test systems for domain registrars will have the change implemented on December 10, 2024
- Production systems
- Production systems (the registration service, and other web services) will have the change implemented on December 17, 2024, at 09:00 CET (UTC+1).
References: