The free certificate authority Let’s Encrypt previously announced plans to offer certificates issued solely for IP addresses. These IP-based certificates have now entered internal testing, but they are not yet open to public applications, so users will have to wait until they become available.
While some commercial certificate authorities already issue IP-based digital certificates, such offerings are typically expensive and primarily targeted at enterprises. Let’s Encrypt aims to disrupt this monopoly by providing developers and IT administrators with a cost-free alternative.
It is important to note, however, that the validity period for these free IP-based certificates is limited to just six days. This decision is rooted in security considerations, as public IP addresses frequently change due to server provisioning and decommissioning. Issuing long-term certificates in such cases could introduce impersonation risks.
Given the brevity of the validity period, manual issuance and renewal would be impractical. Therefore, Let’s Encrypt will offer automated tools to help IT administrators request and deploy certificates seamlessly—so long as the IP address in question is verifiably under the user’s control.
The IP address certificates supported by Let’s Encrypt are structured using the SAN (Subject Alternative Name) extension. Typically, a certificate includes a Common Name that designates the primary domain, while additional domains are listed under SAN. In the case of IP-based certificates, there is no Common Name—only entries in the SAN field. Notably, these IP SAN certificates can also support multiple domain names, as demonstrated in Let’s Encrypt’s own test case.
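As an added illustration (not Let’s Encrypt’s code or tooling), the Go example below checks a certificate against the profile described above: no Common Name, the address present as an IP entry in SAN, and a validity of at most six days. The certificate is a constructed, self-signed stand-in; the helper names, the address 203.0.113.10 and the name example.test are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// makeTestCert builds a constructed, self-signed stand-in (fixed test key, not a real CA's output).
func makeTestCert(cn string, ips []net.IP, dns []string, life time.Duration) (*x509.Certificate, error) {
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), NotBefore: now, NotAfter: now.Add(life),
		IPAddresses: ips, DNSNames: dns, // both kinds of name live in the SAN extension
	}
	tmpl.Subject.CommonName = cn // empty for the IP-certificate profile
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// checkIPCert lists the ways cert deviates from the IP-certificate profile for address ip.
func checkIPCert(cert *x509.Certificate, ip string, maxLife time.Duration) []string {
	var problems []string
	if cert.Subject.CommonName != "" {
		problems = append(problems, "subject carries a Common Name")
	}
	if err := cert.VerifyHostname(ip); err != nil {
		problems = append(problems, "no IP SAN entry for "+ip) // the CN is never consulted for IP literals
	}
	if cert.NotAfter.Sub(cert.NotBefore) > maxLife {
		problems = append(problems, "validity longer than "+maxLife.String())
	}
	return problems
}

func main() {
	cert, err := makeTestCert("", []net.IP{net.ParseIP("203.0.113.10")}, []string{"example.test"}, 6*24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println(checkIPCert(cert, "203.0.113.10", 6*24*time.Hour)) // empty list: matches the profile
}
```

A certificate that puts the address only in the Common Name fails the second check, because Go's verifier matches an IP literal against IP SAN entries alone.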
Unfortunately, no official launch timeline has been provided yet. For now, users must continue relying on domain-based certificates. Once Let’s Encrypt formally releases IP-only certificates, they could be used across extensive IP address ranges without requiring domain names at all.