Let's Encrypt renewals fail as ACME API hits multi-day incident

Let’s Encrypt’s certificate authority experienced renewal failures tied to its production ACME endpoint (acme-v02.api.letsencrypt.org) and the operator portal. The status page logs three separate INVESTIGATING entries spanning June 18 (16:04 and 16:35 UTC) and continuing into June 19 (04:45 UTC), indicating an issue that persisted or recurred over roughly half a day rather than a brief blip. Staging endpoints, certificate transparency logs, and the OCSP/CRL distribution hosts were not flagged, so the disruption appears concentrated in the live issuance and renewal path.

Because Let’s Encrypt issues short-lived certificates that clients renew automatically and frequently, even a transient API fault can produce a wave of failed ACME requests across the many sites and services that depend on it. Automated renewal clients typically retry, so most operators likely saw errors clear on their own, but the incident is a reminder of how much of the web’s TLS now rests on a single free CA and its API availability.

The overall status had returned to Operational at the time of capture, with all listed components green. The published page offers no root-cause detail or affected-volume figures, so the scope and underlying trigger remain unstated pending a fuller post-incident writeup.