
6-Day and IP Address Certificates Are Generally Available
Why It Matters
Reducing certificate lifetimes limits the damage from key leaks and improves TLS security, while IP‑based certificates enable encrypted connections for services that lack DNS names.
Key Takeaways
- Short-lived certs valid for 160 hours (six days)
- IP address certificates require short-lived validity
- Revocation window shrinks, enhancing TLS security
- Default lifetimes will halve to 45 days soon
- Opt-in only; automation needed for smooth transition
Pulse Analysis
The introduction of six‑day short‑lived certificates marks a significant shift in the public‑key infrastructure ecosystem. Traditional 90‑day certificates rely on revocation mechanisms that are often slow, inconsistent, or ignored by browsers and clients. By forcing more frequent validation, Let’s Encrypt reduces the window of vulnerability when a private key is exposed, aligning with industry calls for tighter security hygiene. This move also nudges organizations toward fully automated renewal pipelines, a best practice that mitigates human error and operational risk.
IP address certificates address a growing need for TLS encryption in environments where domain names are unavailable or impractical, such as internal APIs, IoT devices, and legacy systems identified solely by IP. Supporting both IPv4 and IPv6, these certificates inherit the short‑lived model, ensuring that transient IP allocations are re‑validated often enough to prevent stale or compromised credentials. This capability expands Let’s Encrypt’s reach beyond web‑facing services, fostering broader adoption of encrypted traffic across diverse network topologies.
From a market perspective, Let’s Encrypt’s decision to halve its default certificate lifespan to 45 days reinforces its leadership in driving industry standards toward more frequent key rotation. While the short‑lived and IP‑based options remain opt‑in, they set a precedent that may pressure other Certificate Authorities to follow suit. Enterprises that have already automated certificate management will find the transition seamless, whereas those lagging may need to accelerate automation initiatives to avoid service disruptions. Ultimately, these changes promise a more resilient TLS ecosystem, with reduced reliance on unreliable revocation and greater flexibility for non‑domain‑centric deployments.