What Happened on May 8, 2026
At 18:37 UTC on May 8, 2026, Let’s Encrypt halted all certificate issuance. The root cause: cross-signs of X2/YR by X1 and YE by X2 were issued without the Extended Key Usage (EKU) fields now required by the CA/B Forum Baseline Requirements. Let’s Encrypt’s response was to roll issuance back from the new Generation Y root hierarchy to the older Generation X root. Issuance resumed at approximately 21:05 UTC. Total duration: approximately 2 hours and 28 minutes. Let’s Encrypt published a post-mortem on May 13, 2026.
The May 8 incident was the second significant Let’s Encrypt issuance event in under a year. On July 21, 2025, a complete ACME API outage caused multi-hour total failure of Let’s Encrypt’s certificate issuance infrastructure. That outage produced a post-mortem dated September 2, 2025. These two events, occurring within ten months of each other, define the reliability context that anyone evaluating Let’s Encrypt as their sole certificate provider in 2026 should understand.
What these outages do and do not affect: a Let’s Encrypt outage breaks new issuance and renewal. It does not break currently valid certificates, because a TLS handshake never contacts the CA; the client validates the chain locally against its trust store. The last handshake-time dependency on CA infrastructure, OCSP, is gone for Let’s Encrypt certificates: OCSP URLs were dropped from newly issued certificates on May 7, 2025 and the OCSP responders were shut down on August 6, 2025. A 2-hour outage therefore does not expire anything; it blocks every renewal attempt made during that window. At 90-day or 45-day lifetimes a 2-hour window rarely catches a certificate that must renew today, because clients renew well before expiry and simply retry on their next scheduled run. A multi-day outage starts catching the long tail of certificates already inside their renewal window.
Let’s Encrypt’s 2025-2026 Infrastructure Changes: The Full Picture
The May 8 incident occurred during a period of significant infrastructure change at Let’s Encrypt. Understanding the change trajectory is relevant to the reliability discussion:
- OCSP discontinued (May 7, 2025): Let’s Encrypt stopped including OCSP URLs in certificates. On August 6, 2025, OCSP servers were shut down entirely. Revocation information is now published exclusively via CRLs. This was a deliberate privacy-improving decision, not an incident.
- Expiry notification emails discontinued (June 4, 2025): Let’s Encrypt deleted all email addresses from its production database. The service that reminded users their certificate was expiring no longer exists.
- Short-lived certificates launched (January 15, 2026): 6-day certificate lifetimes are available via opt-in. This is intended to improve security (a leaked private key is usable for days rather than months, and revocation matters correspondingly less) but it multiplies renewal frequency and therefore the dependency on issuance being available.
- Generation Y root hierarchy transition: the May 8 incident occurred during the transition to the new Generation Y intermediates. The cross-signatures for the new hierarchy had been issued without the EKU fields the Baseline Requirements now require, which forced the issuance halt and the rollback to the Generation X root.
- 45-day certificate default schedule: opt-in profile available from May 13, 2026. Default migration: 64-day certificates from February 10, 2027; 45-day certificates from February 16, 2028.
- TLS Client Authentication EKU removed (February 11, 2026): certificates no longer include the TLS Client Auth EKU by default. Affects systems using Let’s Encrypt certificates for client authentication.
- Buypass discontinued: Buypass Go SSL, previously the main free ACME alternative, halted issuance on October 15, 2025 and shut down its ACME endpoint on April 15, 2026. Any documentation pointing at api.buypass.com is now stale. ZeroSSL is the only remaining free ACME alternative in this comparison (Google Trust Services also runs a free, EAB-gated ACME endpoint, but it is not covered here).
What ZeroSSL Is and Why Its Growth Matters
ZeroSSL is an SSL certificate service operated by the Stack Holdings group, which also operates SSL.com’s parent company. Sectigo is the issuing CA behind ZeroSSL certificates, which is why TechnologyChecker.io’s Q1 2026 Certificate Transparency analysis reported ZeroSSL’s growth alongside Sectigo’s: the two share issuing infrastructure.
TechnologyChecker.io’s analysis of 8.7 billion SSL certificates in Q1 2026 reported that ZeroSSL’s ECDSA issuer surged 51.1%, the fastest growth of any major issuing CA in the quarter. For context: Let’s Encrypt’s market share dropped from 63.0% to 54.4% between Q4 2025 and Q1 2026, then rebounded to 56.8% in April 2026 after a large Q4 2025 batch was recognized as a calendar artifact. ZeroSSL is now virtually tied with Let’s Encrypt on the .org TLD, with Let’s Encrypt R13, R12, and ZeroSSL ECC Domain Secure each holding approximately 17.1 million certificates.
The 51.1% ECDSA growth is tied directly to Cloudflare integration. ZeroSSL ECC certificates are the default for Cloudflare-integrated hosting environments. When a hosting provider switches to Cloudflare or an operator enables Cloudflare proxy, ZeroSSL ECC certificates appear at scale. This is automated infrastructure adoption rather than individual developer choices, which explains the growth speed.
ZeroSSL vs Let’s Encrypt: The Technical Comparison
| Dimension | Let’s Encrypt | ZeroSSL | Practical implication |
|---|---|---|---|
| Cost | Free | Free (basic tier); paid plans with SLA available | Equal at free tier. ZeroSSL paid plans add support and SLA. |
| Certificate type | DV only | DV only (free); OV/EV on paid plans | Neither free tier offers verified business identity. Paid ZeroSSL does. |
| ACME compatibility | Native ACME; no account pre-registration | ACME with mandatory External Account Binding (EAB) | ZeroSSL requires one additional EAB credential step. Not difficult, but often missing from guides. |
| Rate limits | 50 certificates per registered domain per week; 5 failed validations per hostname per account per hour; 300 new orders per account per 3 hours | Less documented; reported HTTP 429 responses on multi-SAN HTTP-01 orders under cert-manager | Let’s Encrypt’s limits are published; ZeroSSL’s are less transparent. cert-manager users have reported 429 issues at scale. |
| Wildcard certificates | Supported via DNS-01 challenge | Supported via DNS-01 challenge | Equal. |
| ECDSA certificates | Supported (E7, E8 issuers) | Supported (ECC Domain Secure issuer, 51.1% growth in Q1 2026) | Both issue ECDSA P-256 certificates. ZeroSSL’s ECDSA volume is growing faster because of Cloudflare-integrated hosting. |
| Validity period | 90 days today; 45 days by default from February 2028 | 90 days (free tier) | Equal for now. Let’s Encrypt has published the 45-day migration schedule. |
| Warranty | None | None (free tier) | Neither free tier includes a financial warranty. Paid Sectigo OV certificates: $50,000 warranty. |
| Support | Community forum only | Email support (paid plans); limited free tier | Let’s Encrypt has better community documentation. ZeroSSL paid plans add direct support. |
| Incident history (2025-2026) | July 2025 complete API outage; May 8, 2026 issuance halt (~2h28m) | No documented major outages in the same period | Let’s Encrypt has had two significant incidents in under a year. ZeroSSL has no comparable documented outage. |
| Uptime SLA | None published | Available on paid plans | Neither free tier offers an SLA. This is the fundamental difference from paid certificates. |
Adding ZeroSSL as a Fallback ACME Directory
The single most useful operational response to the May 2026 incident is configuring a second ACME directory so that renewal failures at Let’s Encrypt can fail over to ZeroSSL. ZeroSSL’s ACME endpoint requires External Account Binding (EAB) credentials, which require a one-time registration at app.zerossl.com. Treat the EAB HMAC key as a secret: it binds any ACME account created with it to your ZeroSSL account, so keep it out of shell history and version control and store it the way you store any other API credential.
Step 1: Get EAB credentials from ZeroSSL
Register at app.zerossl.com. Navigate to Developer. Generate EAB credentials. You will receive an EAB Key ID and EAB HMAC key.
Step 2: Configure Certbot with ZeroSSL as alternate
```bash
# Certbot registers a separate ACME account for this directory on first use,
# so it needs the EAB pair plus a contact address and ToS agreement.
certbot certonly --server https://acme.zerossl.com/v2/DV90 \
  --eab-kid YOUR_EAB_KEY_ID \
  --eab-hmac-key YOUR_EAB_HMAC_KEY \
  -m your@email.com --agree-tos \
  -d example.com \
  --webroot -w /var/www/html
```
Step 3: Configure acme.sh with ZeroSSL
```bash
# Register the ZeroSSL account once, then issue against the same directory.
acme.sh --register-account -m your@email.com \
  --server zerossl \
  --eab-kid YOUR_EAB_KEY_ID \
  --eab-hmac-key YOUR_EAB_HMAC_KEY
acme.sh --issue --server zerossl -d example.com -w /var/www/html
```
acme.sh has used ZeroSSL as its default CA since version 3.0; passing --server zerossl makes the choice explicit in case the default was changed with --set-default-ca.
At 45-day validity (Let’s Encrypt’s default from February 2028 on the schedule above, inside the CA/B Forum’s 47-day maximum that takes effect in March 2029), and even at today’s 90 days, a multi-CA renewal strategy is no longer an advanced configuration. It is operational hygiene. An automation pipeline that can only renew from Let’s Encrypt fails during a Let’s Encrypt outage. A pipeline that tries Let’s Encrypt first and falls back to ZeroSSL on failure is resilient to single-CA incidents, provided the fallback account and EAB credentials are set up and tested before the outage rather than during it.
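The fallback described above, as an added example that is not part of the original article and not code from certbot or acme.sh. It wraps certbot so that Let’s Encrypt is tried first and ZeroSSL is used only when the live certificate is close enough to expiry that waiting for the next cron run is no longer safe; a transient Let’s Encrypt failure on a certificate with weeks of validity left is deliberately left to the next scheduled retry instead of hopping CAs. Assumptions: certbot, openssl and GNU date are installed; ACME_EMAIL, ZEROSSL_EAB_KID and ZEROSSL_EAB_HMAC_KEY are exported in the environment; the 7-day urgency threshold is a chosen default, not a value from the article.

```bash
#!/usr/bin/env bash
# Added example (not from the original article or any ACME client project):
# renew from Let's Encrypt first, fall back to ZeroSSL only when the
# certificate cannot wait for the next scheduled run.
# Assumptions: certbot, openssl and GNU date installed; ACME_EMAIL,
# ZEROSSL_EAB_KID and ZEROSSL_EAB_HMAC_KEY exported in the environment.
set -u

LE_SERVER="https://acme-v02.api.letsencrypt.org/directory"
ZEROSSL_SERVER="https://acme.zerossl.com/v2/DV90"
# Assumption: below this many remaining days a failed renewal is urgent;
# above it, the next cron run retries Let's Encrypt instead of hopping CAs.
FALLBACK_THRESHOLD_DAYS="${FALLBACK_THRESHOLD_DAYS:-7}"

# le_certbot DOMAIN WEBROOT: one non-interactive Let's Encrypt attempt.
le_certbot() {
    certbot certonly -n --agree-tos -m "$ACME_EMAIL" --cert-name "$1" \
        --server "$LE_SERVER" --webroot -w "$2" -d "$1"
}

# zs_certbot DOMAIN WEBROOT: same lineage name, ZeroSSL directory plus EAB,
# so the files under /etc/letsencrypt/live/DOMAIN keep their paths.
zs_certbot() {
    certbot certonly -n --agree-tos -m "$ACME_EMAIL" --cert-name "$1" \
        --server "$ZEROSSL_SERVER" \
        --eab-kid "$ZEROSSL_EAB_KID" --eab-hmac-key "$ZEROSSL_EAB_HMAC_KEY" \
        --webroot -w "$2" -d "$1"
}

# days_until_expiry CERT_PEM: whole days until notAfter (negative if expired).
days_until_expiry() {
    local not_after end now
    not_after=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
    end=$(date -u -d "$not_after" +%s)
    now=$(date -u +%s)
    echo $(( (end - now) / 86400 ))
}

# should_fall_back DAYS_LEFT THRESHOLD: true when the certificate is inside
# the urgent window and a failed Let's Encrypt attempt must be covered now.
should_fall_back() {
    [ "$1" -lt "$2" ]
}

# try_in_order CMD...: run each command string until one succeeds; print the
# 1-based index of the one that worked, return 1 if every CA failed.
try_in_order() {
    local i=0 cmd
    for cmd in "$@"; do
        i=$((i + 1))
        if eval "$cmd"; then
            echo "$i"
            return 0
        fi
    done
    return 1
}

# issue_new DOMAIN WEBROOT: first issuance, nothing to protect yet, so take
# whichever CA answers, Let's Encrypt preferred.
issue_new() {
    try_in_order "le_certbot '$1' '$2'" "zs_certbot '$1' '$2'"
}

# renew_existing DOMAIN WEBROOT: Let's Encrypt first; on failure, fall back
# only if the live certificate is close to expiry.
renew_existing() {
    local domain="$1" webroot="$2" days
    if le_certbot "$domain" "$webroot"; then
        return 0
    fi
    days=$(days_until_expiry "/etc/letsencrypt/live/$domain/cert.pem")
    if should_fall_back "$days" "$FALLBACK_THRESHOLD_DAYS"; then
        echo "Let's Encrypt failed with $days days left; falling back to ZeroSSL" >&2
        zs_certbot "$domain" "$webroot"
    else
        echo "Let's Encrypt failed but $days days remain; retrying next run" >&2
        return 1
    fi
}

# Usage: ./renew-fallback.sh example.com /var/www/html
[ $# -eq 2 ] && renew_existing "$1" "$2"
```

Two things to know before putting this in a cron job. Certbot records the directory URL in the lineage’s renewal config, so after a ZeroSSL fallback a plain certbot renew keeps using ZeroSSL for that name until you pass --server again or edit the server line in /etc/letsencrypt/renewal/. And the urgency gate is there for rate limits as much as for tidiness: falling back on every transient blip would burn ZeroSSL’s less-documented quotas and, on the way there, Let’s Encrypt’s failed-validation limit.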
What Neither Free Certificate Solves: The Paid Certificate Case
The ZeroSSL vs Let’s Encrypt comparison is a choice between two free, DV-only, no-warranty, no-SLA certificate options. For most personal sites, open-source projects, and development environments, this comparison is the right one and either option is adequate.
For production websites that collect customer data, process payments, or represent a professional or commercial entity, the comparison has a missing option. The certificate type that neither Let’s Encrypt nor ZeroSSL free tier provides:
- OV validation: a Certificate Authority-verified organizational identity in the certificate Subject. OV raises the bar for phishing sites, because the applicant must be a verified legal entity rather than just the controller of a domain. Let’s Encrypt and ZeroSSL free tier both issue DV only.
- Warranty: Sectigo PositiveSSL DV from an authorized reseller includes a $50,000 warranty. OV certificates include higher warranty amounts. Neither Let’s Encrypt nor ZeroSSL free tier includes any warranty.
- SLA: ZeroSSL paid plans include a service level agreement for issuance. Let’s Encrypt has no SLA. Sectigo commercial certificates come with CA-backed issuance commitments.
- Support: Let’s Encrypt support is community forums only. ZeroSSL free tier is email only. A paid certificate from an authorized reseller includes reseller support and CA technical support escalation.
- Uptime independence: a paid Sectigo OV certificate issued for 199 days (current maximum validity) requires renewal once approximately every 199 days. At 90-day validity, this is once every 90 days. The renewal is not dependent on a single CA’s ACME infrastructure being available at a specific moment.
The cost comparison is straightforward. Let’s Encrypt: $0. ZeroSSL free: $0. Sectigo PositiveSSL DV from Certera: $4.99/year. What the $4.99/year certificate adds is a warranty, a support path and, for now, a longer validity period: a 199-day certificate is renewed roughly twice a year rather than four times at 90 days or eight times at 45 days, and each renewal can happen at any point in a wide window rather than by an automated client at a fixed moment. One caveat: the CA/B Forum’s shortening schedule (200-day maximum from March 2026, 100 days from March 2027, 47 days from March 2029) binds every publicly trusted CA, Sectigo included. A multi-year paid subscription reduces how often you pay, not how often the certificate must be reissued once the 47-day cap is in force; at that point paid certificates are renewed as often as free ones, and the remaining differentiators are the SLA, the support path and OV identity, not renewal frequency.
Shorter validity changes the reliability arithmetic. At 90-day validity a 2-hour Let’s Encrypt outage has minimal operational impact because the renewal window is wide: a client that renews 30 days before expiry has 30 days of retries. At 45-day validity the same 30-days-early trigger leaves a 15-day window, and a client following ARI or the renew-at-two-thirds-of-lifetime guidance for short certificates has about 15 days as well. A multi-hour outage is a larger fraction of a 15-day window than of a 30-day one, and as validity shortens further the difference between a CA with documented outages and a CA offering an SLA becomes more operationally significant.
Frequently Asked Questions
The May 8 outage was only 2 hours and 28 minutes. Is that actually a problem?
For a 2-hour outage at 90-day validity, the practical impact is near-zero for most operators. An ACME client configured to renew 30 days before expiry has a 30-day window in which to renew. A 2-hour failure in that 30-day window means the client retries on its next scheduled run (typically 12 or 24 hours later) and succeeds. The July 2025 outage, which lasted multiple hours, was more operationally disruptive. The concern is not any single outage but the pattern: two significant incidents in under a year, during a period of active infrastructure transition, with the 45-day validity migration coming. At 45-day validity, renewing with 30 days remaining leaves roughly a 15-day window (a client renewing at two-thirds of lifetime has about the same). A multi-hour outage in a 15-day window has a higher probability of catching a certificate that genuinely needs renewal today.
ZeroSSL is owned by the same parent company as SSL.com. Does that make it less independent?
ZeroSSL and SSL.com share parent infrastructure under Stack Holdings, and ZeroSSL free certificates are ultimately issued under Sectigo’s root infrastructure. That shapes what ZeroSSL diversifies against. Let’s Encrypt (ISRG) operates entirely independent infrastructure, so a Let’s Encrypt incident does not touch ZeroSSL and a Sectigo-side incident does not touch Let’s Encrypt; for outage diversification against Let’s Encrypt, ZeroSSL is independent enough to serve as a fallback. The ZeroSSL-Sectigo connection matters when pairing ZeroSSL free with paid Sectigo or SSL.com certificates: those overlap in issuing infrastructure, so a Sectigo-side incident could take both out together, and that pairing is not a second independent path.
Should I switch entirely from Let’s Encrypt to ZeroSSL?
No. Let’s Encrypt remains the strongest free ACME provider on documentation quality, community support, rate limit transparency, and overall usage scale. ZeroSSL’s value is as a second ACME directory for fallback configuration, not as a full replacement. The operational recommendation from practitioners who analyzed the May 8 incident (mySites.guru, The Coders Blog) is to move only the specific sites that need renewal today to ZeroSSL during an outage, leaving the rest on Let’s Encrypt’s retry cron. A permanent full migration from Let’s Encrypt to ZeroSSL does not solve the diversification problem; it replaces the risk of Let’s Encrypt outages with the risk of ZeroSSL outages. A dual-CA configuration is more resilient than either alone.
