Let's Encrypt now offers six-day certificates and IP address certificates in general availability. The shorter certificate lifetimes reduce the window of opportunity for attackers who compromise private keys, since certificate revocation is largely ineffective. While beneficial for high-security targets like financial institutions, these certificates require more frequent renewal (every four days), leaving less margin for error and potentially requiring weekend monitoring. Google Trust Services also supports short-lived certificates, with one-day certificates being the minimum possible. IP address certificates enable securing network devices without hostnames. Implementation is straightforward using ACME clients with profile support.
Table of contents
Cryptography & Security NewsletterIs a Six-Day Certificate Better or Worse?One-Day CertificatesCertificates for IP AddressesHow Do You Get These New Certificates?Sort: