Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
India Bans Apps Used to Remotely Disable E-Rickshaws
July 3, 2026
The Future of Encryption: Top Post-Quantum Cryptography Solutions for 2026
July 3, 2026
Alibaba Bans Internal Use of Claude AI Over Backdoor Concerns
July 3, 2026
Home/CyberSecurity News/Let’s Encrypt has made 6-day IP-based TLS certificates Generally Available
CyberSecurity News

Let’s Encrypt has made 6-day IP-based TLS certificates Generally Available

Let’s Encrypt, a key provider of free TLS certificates, has rolled out short-lived and IP address-based certificates for general use. These new options, which became available starting in early...

Marcus Rodriguez
Marcus Rodriguez
January 17, 2026 2 Min Read
37 0

Let’s Encrypt, a key provider of free TLS certificates, has rolled out short-lived and IP address-based certificates for general use. These new options, which became available starting in early 2026, aim to address long-standing issues in certificate security.

Short-lived certificates last just 160 hours, about six and a half days, while IP-based ones tie directly to IP addresses instead of domain names. Users activate them by choosing the “short-lived” profile in their ACME client.

This move comes as organizations push for stronger TLS protections amid rising key compromises and supply chain attacks. Let’s Encrypt announced the general availability in a blog post, building on beta tests from late 2025.

Short-Lived Certificates Boost Security

Traditional TLS certificates last up to 90 days, creating wide windows for damage if private keys leak. Attackers can exploit stolen keys until revocation kicks in or the certificate expires.

But revocation systems, like CRLs and OCSP, often fail many clients ignore them due to latency or misconfiguration. Short-lived certificates cut this risk sharply.

By forcing renewal every six days, they demand fresh validation against the certificate authority (CA). This reduces reliance on flaky revocation. If a key compromises, the certificate dies fast, limiting exposure to hours, not weeks.

Let’s Encrypt emphasizes that this is an opt-in feature only. Automated setups renew effortlessly via ACME, but manual users may prefer to keep longer lifetimes for now.

The team plans to halve default lifetimes to 45 days over the next few years, as outlined in their December 2025 update. This gradual shift encourages automation without disruption. Early adopters report smooth operations, proving short-lived certs scale for production.

IP Address Certificates Fill a Key Gap

IP-based certificates let servers authenticate TLS over raw IP addresses, supporting both IPv4 and IPv6. Unlike domain certs, which use DNS validation, these bind to specific IPs via IP address validation methods. Let’s Encrypt mandates they be short-lived, recognizing IPs change often think dynamic cloud instances or mobile networks.

Use cases include legacy systems without domains, containerized apps on private nets, and quick TLS for test environments. Validation happens via ACME challenges proving control of the IP, often through direct connection. Let’s Encrypt issued its first IP cert in July 2025, validating the approach.

Security experts praise this for closing gaps in hybrid networks. Firewalls and load balancers can now secure IP-only traffic without workarounds like self-signed certs.

For threat hunters and SecOps, these certs mean tighter key rotation and less revocation chasing. Integrate them into CI/CD pipelines for zero-trust setups. Monitor via tools like Certificate Transparency logs to spot anomalies early.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackExploitSecurityThreat

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

Google’s Vertex AI Vulnerability Enables Low-Privileged Users to Gain Service Agent Roles

Next Post

Mandiant Releases Rainbow Tables Enabling NTLMv1 Admin Password Hacking

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
AI Poisoning Attack Abuses SEO and Hidden HTML to Trick AI Agents
July 3, 2026
Nebula AI Platform Automates Pen Testing to Find Vulnerabilities
July 3, 2026
PureLog Stealer Uses Blogspot and PowerShell to Deliver Malware
July 3, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us