Let’s Encrypt Launches 6-Day Certificates for IP-Based SSL Encryption

Let’s Encrypt, the world-renowned free Certificate Authority (CA), is on the verge of a significant milestone: issuing SSL/TLS certificates for IP addresses, a long-awaited feature that promises to enhance security for a broader range of internet-connected devices and services.

In a recent update, Let’s Encrypt staff member JamesLE announced that the organization is preparing to roll out certificates that include IP addresses in their Subject Alternative Name (SAN) fields from its production environment.

Short-Lived Certificates

Unlike traditional SSL certificates, which typically have a 90-day validity period, the new IP-based certificates will be issued exclusively under Let’s Encrypt’s “shortlived” profile.

These certificates will be valid for just six days, a move designed to minimize the risk window in the event of a key compromise and to encourage automated certificate renewal practices.

The shortlived profile is not entirely new, but its application to IP address SANs marks a significant expansion.

For now, access to these certificates will be restricted to an allowlist as Let’s Encrypt continues to refine the process and monitor for potential issues.

The organization has not yet provided a public launch date or begun accepting allowlist requests, signaling a cautious and measured approach to this new capability.

Historically, SSL/TLS certificates have been issued primarily for domain names. However, many modern applications—such as IoT devices, internal networks, and certain APIs—operate directly over IP addresses without a corresponding domain.

Until now, securing these endpoints with trusted certificates has been a challenge, often requiring expensive or cumbersome solutions.

By enabling SSL encryption directly for IP addresses, Let’s Encrypt is lowering the barrier for secure communications across a wider array of use cases.

This move is expected to benefit developers, network administrators, and businesses seeking to protect sensitive data in transit, regardless of whether their endpoints are associated with traditional domain names.

Let’s Encrypt has already issued sample certificates in its staging environment, inviting the community to test and provide feedback.

One such example is accessible at https://[2602:ff3a:1:abad:c0f:fee:abad:cafe]/. The team is actively seeking reports of unusual behavior or compatibility issues, such as a recently identified bug in Firefox’s handling of IP address SANs.

While there is still work to be done before a full public rollout, Let’s Encrypt’s move toward IP-based SSL certificates represents a major step forward in internet security.

As the organization continues to refine its processes, the broader internet community eagerly anticipates the expanded possibilities for secure, accessible, and automated encryption.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates