From e42e19d7c2f23fb08398e51c7db69c3a1e3695cb Mon Sep 17 00:00:00 2001
From: Matthew McPherrin <git@mcpherrin.ca>
Date: Wed, 11 Feb 2026 13:57:04 -0500
Subject: [PATCH 1/4] Update documentation for tls client auth eku removal

---
 content/en/docs/profiles.md     | 12 +++++-------
 content/en/upcoming-features.md |  2 +-
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/content/en/docs/profiles.md b/content/en/docs/profiles.md
index 536a8d207..40ed54f49 100644
--- a/content/en/docs/profiles.md
+++ b/content/en/docs/profiles.md
@@ -91,18 +91,16 @@ We recommend this profile for those who fully trust their automation to renew th
 
 ## tlsclient
 
-The tlsclient profile is _currently_ identical to the classic profile. However,
-as [announced on our blog](/2025/05/14/ending-tls-client-authentication):
+Certificates issued with the tlsclient profile contain the TLS Client Auth EKU.
+It is otherwise identical to the classic profile.
 
-- on February 11, 2026, the TLS Client Auth EKU will be removed from the classic
-  profile, but will remain in this profile; and
-- on May 13, 2026, this profile will cease to exist.
+However, as [announced on our blog](/2025/05/14/ending-tls-client-authentication)
+on May 13, 2026, this profile will cease to exist.
 
 This profile exists for the sole purpose of allowing Subscribers who need access
 to TLS Client Auth certificates to retain that EKU for slightly longer, to
 ease their transition into a TLS Server Auth-only world. If you do not
-specifically need the TLS Client Auth EKU, or if you do need it but are able to
-migrate away from it before February 2026, then you can and should safely ignore
+specifically need the TLS Client Auth EKU, then you can and should safely ignore
 this profile.
 
 
diff --git a/content/en/upcoming-features.md b/content/en/upcoming-features.md
index 566547f57..d2cf49adb 100644
--- a/content/en/upcoming-features.md
+++ b/content/en/upcoming-features.md
@@ -11,7 +11,7 @@ For announcements of upcoming changes, please [subscribe to the Technical Update
 
 ## Removal of TLS Client Authentication EKU
 
-On February 11, 2026, we intend to [remove the "TLS Client Authentication" Extended Key Usage (EKU)](https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/) from our default certificate profile. Prior to that date, we will offer an alternative profile which will still contain that EKU, but note that this will be a temporary stop-gap for clients that need more time to migrate away from needing it: that alternate profile will go away on May 13, 2026.
+On February 11, 2026, we [removed the "TLS Client Authentication" Extended Key Usage (EKU)](https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/) from our default certificate profile. As a temporary stop-gap for clients that need more time to migrate, we have a [tlsclient](https://letsencrypt.org/docs/profiles/#tlsclient) profile available until May 13, 2026.
 
 ## Decreasing Certificate Lifetimes to 45 Days
 

From bc4c4fbcfaa7b14311c8e40572ea9053d9c247fe Mon Sep 17 00:00:00 2001
From: Matthew McPherrin <git@mcpherrin.ca>
Date: Wed, 11 Feb 2026 13:57:53 -0500
Subject: [PATCH 2/4] lastmod

---
 content/en/docs/profiles.md     | 2 +-
 content/en/upcoming-features.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/content/en/docs/profiles.md b/content/en/docs/profiles.md
index 40ed54f49..3a456258d 100644
--- a/content/en/docs/profiles.md
+++ b/content/en/docs/profiles.md
@@ -1,7 +1,7 @@
 ---
 title: Profiles
 slug: profiles
-lastmod: 2025-12-19
+lastmod: 2026-02-11
 show_lastmod: false
 ---
 
diff --git a/content/en/upcoming-features.md b/content/en/upcoming-features.md
index d2cf49adb..cf95245a6 100644
--- a/content/en/upcoming-features.md
+++ b/content/en/upcoming-features.md
@@ -1,7 +1,7 @@
 ---
 title: Upcoming Features
 slug: upcoming-features
-lastmod: 2025-12-17
+lastmod: 2026-02-11
 show_lastmod: 1
 ---
 

From b33b0ac7a865821621afe8c76c183c239ed4e3e4 Mon Sep 17 00:00:00 2001
From: Matthew McPherrin <git@mcpherrin.ca>
Date: Wed, 11 Feb 2026 14:03:12 -0500
Subject: [PATCH 3/4] Update classic profile too

---
 content/en/docs/profiles.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/content/en/docs/profiles.md b/content/en/docs/profiles.md
index 3a456258d..638116296 100644
--- a/content/en/docs/profiles.md
+++ b/content/en/docs/profiles.md
@@ -26,7 +26,7 @@ The classic profile is the default profile selected for all orders which do not
 | [Order Lifetime](#order-lifetime)                                    | 7 days                                    |
 | [Certificate Common Name](#certificate-common-name)                  | <a href="#footnote-1">Yes<sup>*</sup></a> |
 | [Key Encipherment KU](#key-encipherment-key-usage)                   | <a href="#footnote-2">Yes<sup>†</sup></a> |
-| [TLS Client Auth EKU](#tls-client-authentication-extended-key-usage) | <a href="#footnote-3">Yes<sup>‡</sup></a> |
+| [TLS Client Auth EKU](#tls-client-authentication-extended-key-usage) | No                                        |
 | [Subject Key ID](#subject-key-identifier-extension)                  | Yes                                       |
 | [Validity Period](#validity-period)                                  | 90 days                                   |
 | [Revocation Information](#revocation-information)                    | CRL                                       |
@@ -37,8 +37,6 @@ The classic profile is the default profile selected for all orders which do not
 
 <sup id="footnote-2">†</sup>: Only included for certificates with RSA public keys.
 
-<sup id="footnote-3">‡</sup>: Until February 11, 2026. See [deprecation timeline information](/2025/05/14/ending-tls-client-authentication/) for a full timeline.
-</div>
 <div class="boxed">
 
 ## tlsserver

From 9f685d1179693fe091d0d4c3012e3b84fda7492e Mon Sep 17 00:00:00 2001
From: Matthew McPherrin <git@mcpherrin.ca>
Date: Wed, 11 Feb 2026 14:31:44 -0500
Subject: [PATCH 4/4] rephrase for clarity

we didn't make the announcment on that date; that's when the change happens
---
 content/en/docs/profiles.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/content/en/docs/profiles.md b/content/en/docs/profiles.md
index 638116296..3a22fe77a 100644
--- a/content/en/docs/profiles.md
+++ b/content/en/docs/profiles.md
@@ -92,8 +92,8 @@ We recommend this profile for those who fully trust their automation to renew th
 Certificates issued with the tlsclient profile contain the TLS Client Auth EKU.
 It is otherwise identical to the classic profile.
 
-However, as [announced on our blog](/2025/05/14/ending-tls-client-authentication)
-on May 13, 2026, this profile will cease to exist.
+However, as [announced on our blog](/2025/05/14/ending-tls-client-authentication),
+this profile will cease to exist on May 13, 2026.
 
 This profile exists for the sole purpose of allowing Subscribers who need access
 to TLS Client Auth certificates to retain that EKU for slightly longer, to