Description
Starting June 6 2024, TLS certificates used to connect to Confluent Cloud will start using new intermediate certificates provided by Let's Encrypt. Let's Encrypt is making some changes to how it signs its certificates, resulting in shorter certificate length and reduced TLS handshakes. New intermediate certificates effective after June 6th can be found here, whereas current ones can be found here. You can learn more at https://letsencrypt.org/2024/04/12/changes-to-issuance-chains.
As noted by Let's Encrypt in the above article, clients who have pinned the intermediate certificates will be affected and will not be able to connect to Confluent Cloud once their cluster's certificates are renewed after June 6th by this change from Let's Encrypt. Note that certificate-pinning is not recommended and discouraged. Most certificate store configurations won't employ pinning, so the majority of Confluent Cloud customers will not be impacted by this change.
Applies To
All clients which connect to Confluent Cloud.
Resolution
What do you need to do?
No action is needed if you haven't pinned intermediate certificates per Confluent Cloud documentation. However, if you've pinned intermediate certificates, you need to update your clients' certificates by June 6th and remove the intermediate certificate pinning.
We’re here to help
For any questions or concerns please contact Confluent Technical Support.