Let's Encrypt announces the introduction of 'short-term certificates,' improving security and enabling issuance by IP address



Let's Encrypt, the world's largest certificate authority that issues certificates required for TLS free of charge, has announced that it will begin issuing 'short-term certificates' that are valid for only six days by the end of 2025. The short-term certificates will also have an option to enable validation of IP addresses instead of domains.

Announcing Six Day and IP Address Certificate Options in 2025 - Let's Encrypt
https://letsencrypt.org/2025/01/16/6-day-and-ip-certs/



The Internet Security Research Group (ISRG), which operates Let's Encrypt, announced in its 2024 annual report that it would be able to issue certificates with a validity period of six days in 2025. In this blog post, more specific details of the plan have been made public.

In TLS, if the private key associated with a certificate is leaked, the certificate is revoked and everyone is informed that it should not be used. However, there are clients and services that do not properly handle revocation information, and revoked certificates can continue to be used until their original expiration date.

Shortening the certificate validity period shortens the window during which a certificate can continue to be used after it has been revoked, which in turn reduces the trouble caused by the mistaken use of revoked certificates.


Let's Encrypt will begin issuing 'short-term certificates' with a six-day validity period in 2025. Short-term certificates will not include OCSP or CRL revocation mechanisms, and will require a mechanism for automatic certificate renewal. In addition, short-term certificates will support IP addresses as an option, allowing secure TLS connections to be used for services that do not have domain names and must be accessed directly by IP address.

Let's Encrypt will issue short-term certificates for its own use in February 2025, and will begin introducing short-term certificates to some users from around April. The general public is expected to be able to use short-term certificates around the end of 2025.

Even after the introduction of short-term certificates, 90-day certificates will still be available through ACME, and ACME clients that renew certificates automatically will be able to transition to short-term certificates without any issues.
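The following is an added example, not code from Let's Encrypt or the original article. It shows what the six-day lifetime and the missing OCSP/CRL pointers described above mean for renewal scheduling, using certificate dictionaries in the shape Python's `ssl.SSLSocket.getpeercert()` returns. The two sample certificates, the 50% renewal point and the 30-day fixed window are constructed assumptions.

```python
import ssl
from datetime import datetime, timedelta, timezone

RENEW_FRACTION = 0.5                # assumption: renew once half the lifetime has elapsed
FIXED_WINDOW = timedelta(days=30)   # assumption: a fixed rule sized for 90-day certificates

def _ts(text):
    """Parse a getpeercert() time string such as 'Jun 10 00:00:00 2025 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), timezone.utc)

def assess(cert, now):
    """Assess a certificate dict shaped like ssl.SSLSocket.getpeercert() output."""
    not_before, not_after = _ts(cert["notBefore"]), _ts(cert["notAfter"])
    lifetime = not_after - not_before
    sans = cert.get("subjectAltName", ())
    return {
        "lifetime_days": lifetime / timedelta(days=1),
        "ip_sans": [value for kind, value in sans if kind == "IP Address"],
        # Without an OCSP or CRL pointer, expiry is the only limit on a leaked key.
        "has_revocation_info": bool(cert.get("OCSP") or cert.get("crlDistributionPoints")),
        # Renewal point scales with the lifetime of the certificate.
        "due_proportional": now >= not_before + lifetime * RENEW_FRACTION,
        # Fixed rule: renew when less than FIXED_WINDOW of validity remains.
        "due_fixed_window": not_after - now <= FIXED_WINDOW,
        "expired": now >= not_after,
    }

# Constructed sample certificates (documentation address and domain, not real issuance).
SHORT_LIVED = {
    "notBefore": "Jun 10 00:00:00 2025 GMT",
    "notAfter": "Jun 16 00:00:00 2025 GMT",
    "subjectAltName": (("IP Address", "192.0.2.10"),),
}
NINETY_DAY = {
    "notBefore": "Jun 10 00:00:00 2025 GMT",
    "notAfter": "Sep 08 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "example.com"),),
    "OCSP": ("http://ocsp.example/",),
}

if __name__ == "__main__":
    now = datetime(2025, 6, 11, tzinfo=timezone.utc)
    for name, cert in (("short-lived", SHORT_LIVED), ("90-day", NINETY_DAY)):
        print(name, assess(cert, now))
```

One day after issuance, the fixed 30-day rule already reports the six-day certificate as due, and would do so on every run, while the proportional rule waits until day three. A renewal job that fails silently leaves at most a few days before such a certificate expires, so renewal failures need alerting.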

in Web Service,   Security, Posted by log1d_ts