What just happened? Let's Encrypt began issuing free TLS certificates in 2015. After becoming the world's largest certificate authority, the nonprofit is now targeting niche use cases – such as securing IP addresses – with newly supported certificate types.
Originally launched in 2012 by Mozilla employees J. Alex Halderman and the late Peter Eckersley, the Let's Encrypt project now provides TLS certificates to over 600 million websites. The nonprofit certificate authority has traditionally focused on securing connections for web domains, but it has recently expanded its offerings to include IP addresses as well.
The organization issued its first IP address certificate shortly after announcing the change in January 2025. The feature is currently rolling out to more users, although few major web companies are expected to need this additional layer of protection against IP spoofing or traffic interception.
An Internet Protocol address is a numerical label assigned to each device connected to a network that uses the TCP/IP protocol. IP addresses help identify and locate network interfaces for sending and receiving data. However, most internet users rarely interact with IP addresses directly, since the Domain Name System translates them into user-friendly web domains.
Major security improvements in recent years have focused on strengthening the DNS infrastructure to protect the internet from scammers and other threats, and TLS technology is now playing a crucial role in that effort. Let's Encrypt noted that there is no technical barrier preventing an IP address from receiving a TLS certificate, yet few certificate authorities have offered this service until now.
So why is the organization beginning to issue free certificates for IP addresses? Encrypting traffic that goes directly to an IP address can be valuable in several scenarios, starting with default landing pages used by hosting providers to manage multiple websites. Shared hosting environments often assign a single IP address to many domain names, and enabling encrypted access to that shared IP can enhance both usability and security for hosts and users alike.
TLS certificates for IP addresses also offer benefits when a site doesn't have a registered domain name, or when securing DNS over HTTPS and other infrastructure-level services. In addition, the feature can improve security for remote access to smart home devices, as well as for temporary or internal connections within cloud hosting infrastructures.
Let's Encrypt says IP address certificates are currently available for testing in its Staging environment. The organization expects to roll out the feature more broadly later in 2025. Many existing clients that use the ACME protocol should already be able to request these new TLS certificates with minimal adjustments.
Let's Encrypt is now issuing free TLS certificates for IP addresses
