diff --git a/content/en/docs/profiles.md b/content/en/docs/profiles.md
index 536a8d207..3a22fe77a 100644
--- a/content/en/docs/profiles.md
+++ b/content/en/docs/profiles.md
@@ -1,7 +1,7 @@
---
title: Profiles
slug: profiles
-lastmod: 2025-12-19
+lastmod: 2026-02-11
show_lastmod: false
---
@@ -26,7 +26,7 @@ The classic profile is the default profile selected for all orders which do not
| [Order Lifetime](#order-lifetime) | 7 days |
| [Certificate Common Name](#certificate-common-name) | Yes* |
| [Key Encipherment KU](#key-encipherment-key-usage) | Yes† |
-| [TLS Client Auth EKU](#tls-client-authentication-extended-key-usage) | Yes‡ |
+| [TLS Client Auth EKU](#tls-client-authentication-extended-key-usage) | No |
| [Subject Key ID](#subject-key-identifier-extension) | Yes |
| [Validity Period](#validity-period) | 90 days |
| [Revocation Information](#revocation-information) | CRL |
@@ -37,8 +37,6 @@ The classic profile is the default profile selected for all orders which do not
: Only included for certificates with RSA public keys.
-: Until February 11, 2026. See [deprecation timeline information](/2025/05/14/ending-tls-client-authentication/) for a full timeline.
-
## tlsserver
@@ -91,18 +89,16 @@ We recommend this profile for those who fully trust their automation to renew th
## tlsclient
-The tlsclient profile is _currently_ identical to the classic profile. However,
-as [announced on our blog](/2025/05/14/ending-tls-client-authentication):
+Certificates issued with the tlsclient profile contain the TLS Client Auth EKU.
+It is otherwise identical to the classic profile.
-- on February 11, 2026, the TLS Client Auth EKU will be removed from the classic
- profile, but will remain in this profile; and
-- on May 13, 2026, this profile will cease to exist.
+However, as [announced on our blog](/2025/05/14/ending-tls-client-authentication),
+this profile will cease to exist on May 13, 2026.
This profile exists for the sole purpose of allowing Subscribers who need access
to TLS Client Auth certificates to retain that EKU for slightly longer, to
ease their transition into a TLS Server Auth-only world. If you do not
-specifically need the TLS Client Auth EKU, or if you do need it but are able to
-migrate away from it before February 2026, then you can and should safely ignore
+specifically need the TLS Client Auth EKU, then you can and should safely ignore
this profile.
diff --git a/content/en/upcoming-features.md b/content/en/upcoming-features.md
index 566547f57..cf95245a6 100644
--- a/content/en/upcoming-features.md
+++ b/content/en/upcoming-features.md
@@ -1,7 +1,7 @@
---
title: Upcoming Features
slug: upcoming-features
-lastmod: 2025-12-17
+lastmod: 2026-02-11
show_lastmod: 1
---
@@ -11,7 +11,7 @@ For announcements of upcoming changes, please [subscribe to the Technical Update
## Removal of TLS Client Authentication EKU
-On February 11, 2026, we intend to [remove the "TLS Client Authentication" Extended Key Usage (EKU)](https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/) from our default certificate profile. Prior to that date, we will offer an alternative profile which will still contain that EKU, but note that this will be a temporary stop-gap for clients that need more time to migrate away from needing it: that alternate profile will go away on May 13, 2026.
+On February 11, 2026, we [removed the "TLS Client Authentication" Extended Key Usage (EKU)](https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/) from our default certificate profile. As a temporary stop-gap for clients that need more time to migrate, we have a [tlsclient](https://letsencrypt.org/docs/profiles/#tlsclient) profile available until May 13, 2026.
## Decreasing Certificate Lifetimes to 45 Days