Certificate Profile Selection (Let's Encrypt)
Let's Encrypt has introduced "profile selection" for certificate requests, allowing users to choose from profiles like "classic" and "tlsserver," with a "shortlived" profile coming soon for six-day certificates.
Let's Encrypt has announced a new feature called "profile selection" as an extension to its implementation of the ACME protocol. This feature allows site operators and ACME clients to choose from different certificate profiles when requesting certificates.

The staging environment now includes a new field in its directory resource that lists available profiles, including the "classic" profile, which maintains the traditional certificate attributes, and the "tlsserver" profile, designed specifically for TLS server usage with several modifications. Notably, the "tlsserver" profile omits the Common Name field and Subject Key Identifier, aligning with current Baseline Requirements. A forthcoming "shortlived" profile will also be introduced, offering certificates with a validity of only six days.

ACME clients can specify their desired profile in new-order requests, and if not specified, the server will select one automatically. Site operators and ACME client users are encouraged to monitor their clients for updates regarding this feature and to test the new profiles in the staging environment. Further information will be provided as the implementation progresses towards production.
- Let's Encrypt introduces "profile selection" for certificate requests.
- New profiles include "classic" and "tlsserver," with specific attributes for each.
- A "shortlived" profile will be available soon, offering certificates valid for six days.
- ACME clients can specify profiles in new-order requests.
- Users are encouraged to test the new profiles and provide feedback.
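The client-side selection described above, as an added example (not code from Let's Encrypt or any ACME client): it reads the advertised profiles from a directory resource, picks the first preferred one that is listed, and builds the new-order payload, leaving the profile out when none matches so the server chooses. The `meta.profiles` map and the `profile` order field follow the ACME profiles draft and are assumptions here, since the summary does not name the fields; the directory contents and hostnames are constructed.

```python
import json

# Constructed sample of an ACME directory resource (not a real server response).
# Assumption: profiles are advertised as a name -> description map under
# meta.profiles, as in the ACME profiles draft.
SAMPLE_DIRECTORY = json.loads("""
{
  "newOrder": "https://acme.example.test/acme/new-order",
  "meta": {
    "profiles": {
      "classic": "Traditional certificate attributes",
      "tlsserver": "TLS server profile without Common Name or Subject Key Identifier"
    }
  }
}
""")


def advertised_profiles(directory):
    """Return the set of profile names the server lists, or an empty set."""
    meta = directory.get("meta")
    profiles = meta.get("profiles") if isinstance(meta, dict) else None
    return set(profiles) if isinstance(profiles, dict) else set()


def choose_profile(directory, preferences):
    """Pick the first preferred profile the server advertises, else None."""
    available = advertised_profiles(directory)
    for name in preferences:
        if name in available:
            return name
    return None


def new_order_payload(directory, dns_names, preferences):
    """Build the new-order JSON payload (the body that is then JWS-signed)."""
    payload = {"identifiers": [{"type": "dns", "value": n} for n in dns_names]}
    profile = choose_profile(directory, preferences)
    if profile is not None:
        # Only name a profile the server actually lists.
        payload["profile"] = profile
    # With no "profile" key the server selects one automatically.
    return payload


if __name__ == "__main__":
    prefs = ["shortlived", "tlsserver", "classic"]
    order = new_order_payload(SAMPLE_DIRECTORY, ["www.example.test"], prefs)
    print(json.dumps(order, indent=2))
```

Putting "shortlived" first in the preference list lets the same configuration pick up the six-day profile once a server advertises it, while still issuing under "tlsserver" until then.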
Related
Letsencrypt Supports Wildcard Certificates
Let's Encrypt offers free SSL/TLS certificates for secure HTTPS connections, relying on donations. They issue Domain Validation and SAN certificates, recommend reporting malicious activities, and emphasize TLS/SSL security.
Let's Encrypt adds random JSON fields
Let's Encrypt is updating its ACME protocol by adding random keys to the /directory endpoint to enhance client compatibility, addressing issues with certificate renewal and API connectivity reported by users.
A Note from Our Executive Director
Let's Encrypt, serving over 500 million websites, plans to introduce six-day TLS certificates to enhance security. The organization emphasizes automation and relies on donations for ongoing projects as it celebrates its 10th anniversary.
Short-Lived Certificates Coming to Let's Encrypt
Let's Encrypt will introduce six-day short-lived certificates next year to enhance TLS security by reducing key compromise exposure. The transition is expected to be seamless for subscribers due to automation.
We have an unusual concern when we use Let's Encrypt
Chris Siebenmann raises concerns about Let's Encrypt's 6-day TLS certificates for large organizations like the University of Toronto, highlighting potential rate limit issues and risks of critical certificate expirations.