On February 18, Let’s Encrypt announced a new type of ACME validation called DNS-PERSIST-01. The new method simplifies issuing and renewing digital certificates by relying on a persistent authorization mechanism based on DNS entries. DNS-PERSIST-01 is currently available only in a testing environment and is set for a production launch in Q2 2026.
This development is significant for website operators and developers who rely on Let’s Encrypt for secure SSL/TLS certificates. DNS-PERSIST-01 offers a more streamlined approach than the traditional DNS-01 method, which requires creating a new TXT record with a temporary token each time a certificate is issued or renewed. By allowing for permanent authorization records, this new mechanism could reduce the ongoing administrative burden of managing DNS entries, particularly for those with multiple domains or subdomains.
Within the broader market, Let’s Encrypt remains a prominent player offering free SSL/TLS certificates, with alternatives like DigiCert, GlobalSign, and Comodo providing paid options that often come with additional support and features. While competitors may offer more robust services—such as extended validation or warranty policies—Let’s Encrypt’s free model appeals to a vast audience, particularly startups and smaller businesses looking to minimize costs. The introduction of DNS-PERSIST-01 could enhance its competitive edge by simplifying certificate management without sacrificing security.
This new validation method is particularly suited for those who manage various domains and want to streamline their certificate lifecycle management. However, it may not be ideal for users who require immediate implementation or those who rely on features provided by paid services, such as premium customer support or warranty options. If you prefer a more traditional approach to certificate management or need specific features that only paid services can offer, it might be worth exploring those alternatives instead.
Source:
www.ithome.com