https://letsencrypt.org/2025/07/01/issuing-our-first-ip-address-certificate
Let’s Encrypt, the popular certificate authority known for providing free TLS/SSL certificates, has begun issuing digital certificates for IP addresses at no cost. While other certificate authorities like PositiveSSL, Sectigo, and GeoTrust offer similar services for $40 to $90 annually, Let’s Encrypt’s free offering represents a significant shift in the certificate landscape. The service allows users with static IP addresses to host websites using numeric identifiers while maintaining secure connections, eliminating the need to purchase domain names that typically cost between $10 and $50 per year.
The new IP address certificates serve several practical purposes, according to Aaron Gable, principal engineer at Let’s Encrypt. Hosting providers can use them to create default landing pages when users type IP addresses directly into browsers, similar to how Cloudflare handles 1.1.1.1 and Google manages 8.8.8.8. The certificates also benefit servers supporting DNS over HTTPS protocols and can secure short-lived connections for server administration or home network devices like network-attached storage servers.
However, the implementation comes with notable limitations and security considerations. Let’s Encrypt restricts IP address certificates to just six days of validity, part of the industry’s broader move toward short-lived certificates to reduce fraud risks. The service acknowledges several drawbacks to IP-based websites, including the instability of dynamically allocated IP addresses from ISPs, the lack of established arbitration rules for IP disputes, and potential negative impacts on load times and search engine optimization when backend changes require redirects. The IP certificate feature is currently available in Let’s Encrypt’s staging environment and will become generally available later this year.