This combined Certificate Policy ("CP") and Certification Practice Statement ("CPS") document ("CP/CPS") outlines the certification services practices for Internet Security Research Group ("ISRG") Public Key Infrastructure ("ISRG PKI").
ISRG PKI services include, but are not limited to, issuing, managing, validating, and revoking publicly-trusted Certificates in a manner consistent with this CP/CPS.
These services are provided to the general public with exceptions as ISRG management deems appropriate or in accordance with relevant law.
ISRG PKI services are most commonly, but not necessarily exclusively, provided under the brand/trademark "Let's Encrypt".
The ISRG PKI conforms to the current version of the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates published at https://www.cabforum.org. In the event of any inconsistency between this document and those Requirements, those Requirements take precedence over this document.
Other documents related to the behavior and control of the ISRG PKI, such as a Subscriber Agreement and Privacy Policy, can be found at https://letsencrypt.org/repository/.
Per IETF PKIX RFC 3647, this CP/CPS is divided into nine components that cover security controls, practices, and procedures for certification services provided by the ISRG PKI.
The following Certification Authorities are covered under this document:
| CA Type | Distinguished Name | Key Pair Type and Parameters | Cert SHA-256 Fingerprint | Validity Period |
|---|---|---|---|---|
| Root CA | C=US, O=Internet Security Research Group, CN=ISRG Root X1 |
RSA, n has 4096 bits, e=65537 | 96:BC:EC:06:26:49:76:F3: 74:60:77:9A:CF:28:C5:A7: CF:E8:A3:C0:AA:E1:1A:8F: FC:EE:05:C0:BD:DF:08:C6 |
Not Before: Jun 4 11:04:38 2015 GMT, Not After: Jun 4 11:04:38 2035 GMT |
| Root CA | C=US, O=Internet Security Research Group, CN=ISRG Root X2 |
ECDSA, NIST curve P-384 | 69:72:9B:8E:15:A8:6E:FC: 17:7A:57:AF:B7:17:1D:FC: 64:AD:D2:8C:2F:CA:8C:F1: 50:7E:34:45:3C:CB:14:70 |
Not Before: Sept 4 00:00:00 2020 GMT, Not After: Sept 17 16:00:00 2040 GMT |
This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit https://creativecommons.org/licenses/by/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.
This is the ISRG CP/CPS. This document was approved for publication by the ISRG Policy Management Authority, and is made available at https://letsencrypt.org/repository/.
The following revisions have been made:
| Date | Changes | Version |
|---|---|---|
| May 5, 2023 | CP and CPS documents are combined. See past documents for prior version history. | 5.0 |
| May 16, 2023 | Make CPS OID and URL in Subscriber Certificates optional. | 5.1 |
| Feb 7, 2024 | Add CRL Distribution Point to subscriber certificate profile. Add IssuingDistributionPoint to subordinate CRL profile. Remove id-qt-cps from subscriber certificate profile, make it optional for subordinate certificate profile. Clarify waste disposal procedure. | 5.2 |
| Mar 22, 2024 | Improve accuracy of information regarding subscriber key compromise in sections 4.9.3 and 4.9.12. | 5.3 |
| Sep 27, 2024 | Remove statements regarding meaningful names. Format section headers to match RFC 3647. | 5.4 |
This CP/CPS applies to the ISRG CA.
ISRG does not delegate any of the Section 3.2 requirements to a Delegated Third Party. ISRG serves as its own RA.
See definition of "Subscriber" in Section 1.6.1 Definitions.
See definition of "Relying Party" in Section 1.6.1 Definitions.
Other participants include CAs that cross-sign or issue subordinates to the ISRG PKI.
ISRG PKI vendors and service providers with access to confidential information or privileged systems are required to operate in compliance with this ISRG CP/CPS.
No stipulation.
Certificates may not be used:
Note that Certificates do not guarantee anything regarding reputation, honesty, or the current state of endpoint security. A Certificate only represents that the information contained in it was verified as reasonably correct when the Certificate was issued.
The ISRG PMA maintains this document.
The ISRG PMA can be contacted at:
Policy Management Authority
Internet Security Research Group
P.O. Box 18666
Minneapolis, MN 55418-0666
USA
Certificate revocation requests can be made via the ACME API. Please see Section 4.9.3 for more information.
Certificate Problem Reports can be submitted via email to:
cert-prob-reports@letsencrypt.org
Issues can be filed via the GitHub repository where this document is maintained:
https://github.com/letsencrypt/cp-cps
The ISRG PMA is responsible for determining the suitability of this CP/CPS. ISRG policy is informed by results and recommendations received from an independent auditor.
The ISRG PMA approves any revisions to this CP/CPS after formal review.
ACME Protocol: A protocol used for validation, issuance, and management of certificates. The protocol is an open standard managed by the IETF.
Baseline Requirements: A document published by the CAB Forum which outlines minimum requirements for publicly trusted Certificate Authorities.
CAB Forum: Certificate Authority / Browser Forum, a group of CAs and browsers which come together to discuss technical and policy issues related to PKI systems. (https://cabforum.org/)
Certificate Repository: A repository of information about ISRG certificates. It is located at: https://letsencrypt.org/certificates/
Policy and Legal Repository: A repository of policy and legal documents related to the ISRG PKI. It is located at: https://letsencrypt.org/repository/
Precertificate: A certificate containing a critical poison extension as defined by RFC 6962 Section 3.1.
Secure PKI Facilities: Facilities designed to protect sensitive PKI infrastructure, including CA private keys.
Trusted Contributor: A contributor who performs in a Trusted Role. Trusted Contributors may be employees, contractors, or community members. Trusted Contributors must be properly trained and qualified, and have the proper legal obligations in place before performing in a Trusted Role.
Trusted Role: A role which qualifies a person to access or modify ISRG PKI systems, infrastructure, and confidential information.
See the Baseline Requirements for additional definitions.
| Acronym | Meaning |
|---|---|
| ACME | Automated Certificate Management Environment |
| DV | Domain Validation |
| HSM | Hardware Security Module |
| IP | Internet Protocol |
| ISRG | Internet Security Research Group |
| PMA | Policy Management Authority |
| SAN | Subject Alternative Name |
| TLD | Top Level Domain |
See the Baseline Requirements for additional acronyms.
CA/Browser Forum Network and Certificate System Security Requirements
Terms not otherwise defined in this CP/CPS shall be as defined in applicable agreements, user manuals, Certificate Policies, and Certification Practice Statements of the CA.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this CP/CPS shall be interpreted in accordance with RFC 2119.
ISRG Combined CP/CPS, Privacy Policy, Subscriber Agreement, and WebTrust audit documents are made publicly available in the Policy and Legal Repository, which can be found at:
https://letsencrypt.org/repository/
Records of all ISRG Root and Subordinate CA certificates, including those that have been revoked, are available in the Certificate Repository:
https://letsencrypt.org/certificates/
ISRG certificates contain URLs to locations where certificate-related information is published, including revocation information via OCSP and/or CRLs.
New or updated ISRG Combined CP/CPS, Privacy Policy, Subscriber Agreement, and WebTrust audit documents are made publicly available as soon as possible. This typically means within seven days of receipt or approval. The ISRG PMA will approve and publish updated CP/CPS documents at least annually.
New or updated ISRG Root and Subordinate CA certificates are made publicly available as soon as possible. This typically means within seven days of creation.
Read only access to the Policy and Legal Repository and certificate information is unrestricted. Write access is protected by logical and physical controls.
Certificate distinguished names and subject alternative names are compliant with the Baseline Requirements.
No stipulation.
Subscribers are not identified in DV certificates, which have subject fields identifying only FQDNs (not people or organizations). Relying Parties should consider DV certificate Subscribers to be anonymous.
Distinguished names in certificates are to be interpreted using X.500 standards and ASN.1 syntax.
Certificates do not assert any specific relationship between Subscribers and registrants of domain names contained in certificates.
Regarding Internationalized Domain Names, ISRG will have no objection so long as the domain is resolvable via DNS. It is the CA's position that homoglyph spoofing should be dealt with by registrars, and Web browsers should have sensible policies for when to display the punycode versions of names.
No stipulation.
ISRG reserves the right to make all decisions regarding Subscriber names in certificates. Entities requesting certificates will be required to demonstrate their right to use names (e.g. demonstrate control of an FQDN), but trademark rights are not verified.
While ISRG will comply with U.S. law and associated legal orders, it is ISRG's position that trademark enforcement responsibility for domain names should lie primarily with domain registrars and the legal system.
ISRG may elect not to issue any certificate at its sole discretion.
Applicants are required to prove possession of the Private Key corresponding to the Public Key in a Certificate request by signing the CSR provided to the Finalize method of the ACME Protocol defined in RFC 8555, Section 7.4.
ISRG only issues Domain Validation (DV) certificates. All FQDNs which will be listed in the Common Name and list of SANs in the certificate are fully validated prior to issuance.
ISRG uses three methods for validating domain control:
Validation for Wildcard Domain Names must be completed using the DNS Change method.
All validations are performed in compliance with the current CAB Forum Baseline Requirements at the time of validation.
ISRG does not issue Subscriber Certificates containing Subject Identity Information, and thus does not validate any natural person's identity.
Non-verified Applicant information is not included in ISRG certificates.
ISRG does not issue Subscriber Certificates containing Subject Identity Information, and thus does not validate any natural person's authority to request certificates on behalf of organizations.
ISRG discloses Cross Certificates in its Certificate Repository.
See Section 4.7.
See Section 4.7.
Identification and authentication for revocation requests is performed by ISRG in compliance with Section 4.9 of this document.
Identification and authentication are not required when ISRG is requesting revocation.
Anyone may submit an application for a certificate via the ACME protocol. Issuance will depend on proper validation and compliance with ISRG policies.
The enrollment process involves the following steps, in no particular order:
ISRG performs all identification and authentication functions in accordance with this CP/CPS. This includes validation per Section 3.2.2.
Certificate information is verified using data and documents obtained no more than 90 days prior to issuance of the Certificate.
As part of the issuance process, ISRG checks for CAA records and follows the processing instructions found, for each dNSName in the subjectAltName extension of the certificate to be issued, as specified in RFC 8659 and Section 3.2.2.8 of the Baseline Requirements. The CA acts in accordance with CAA records if present. If the CA issues, the CA will do so within the TTL of the CAA record, or 8 hours, whichever is greater. The CA's CAA identifying domain is letsencrypt.org.
ISRG maintains a list of high-risk domains and blocks issuance of certificates for those domains. Requests for removal from the high-risk domains list will be considered, but will likely require further documentation confirming control of the domain from the Applicant, or other proof as ISRG management deems necessary.
Approval requires successful completion of validation per Section 3.2.2 as well as compliance with all CA policies.
Certificates containing a new gTLD under consideration by ICANN will not be issued. The CA Server will periodically be updated with the latest version of the Public Suffix List and will consult the ICANN domains section for every requested DNS identifier. The CA server will not validate or issue for DNS identifiers that do not have a Public Suffix in the ICANN domains section.
No stipulation.
At a high level, the following steps are taken during issuance of a Subscriber Certificate. ISRG's automated processes confirm that all names which will appear in the Common Name and/or list of SANs of the certificate have been properly validated to be controlled by the Subscriber requesting the certificate. The certificate is signed by a Subordinate CA in an HSM. After issuance is complete, the certificate is stored in a database and made available to the Subscriber.
Subscriber Certificates are made available to Subscribers via the ACME protocol as soon after issuance as reasonably possible. Typically this happens within a few seconds.
No stipulation.
See Section 2.2 of this document for Root and Subordinate CA certificate publication information.
All Subscriber Certificates are made available to Subscribers via the ACME protocol.
For each Subscriber Certificate issuance, ISRG signs a Precertificate and submits it to a selection of Certificate Transparency logs. Upon successful submission, ISRG attempts to issue a certificate that matches the Precertificate (per RFC 6962 Section 3.1) and embeds at least two of the resulting Signed Certificate Timestamps (SCTs). ISRG submits the resulting final certificate to a selection of Certificate Transparency logs on a best-effort basis.
ISRG does not guarantee issuance of a final certificate for every Precertificate.
See Section 4.4.2.
Subscriber usage of Private Keys and Certificates is governed by the Let's Encrypt Subscriber Agreement.
Relying Parties should fully evaluate the context in which they are relying on certificates and the information contained in them, and decide to what extent the risk of reliance is acceptable. If the risk of relying on a certificate is determined to be unacceptable, then Relying Parties should not use the certificate or should obtain additional assurances before using the certificate.
ISRG does not warrant that any software used by Relying Parties to evaluate or otherwise handle certificates does so properly.
Certificate renewal requests are treated as applications for new certificates.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
Certificate re-key requests are treated as applications for new certificates.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
Certificate modification requests are treated as applications for new certificates.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
ISRG will follow the Baseline Requirements and revoke a certificate in accordance with Section 4.9.1.1 and Section 4.9.1.2 of the Baseline Requirements.
Anyone can revoke any certificate via the ACME API if they can sign the revocation request with the private key associated with the certificate. No other information is required in such cases.
Anyone can revoke any certificate via the ACME API if they can demonstrate control over all FQDNs covered by the certificate. No other information is required in such cases.
Subscribers can revoke certificates belonging to their accounts via the ACME API if they can sign the revocation request with the associated account private key. No other information is required in such cases.
ISRG may administratively revoke certificates if it determines that the Subscriber has failed to meet obligations under this CP/CPS, the relevant Subscriber Agreement, or any other applicable agreement, regulation, or law. Certificates may also be administratively revoked at ISRG management's discretion.
Anyone may make revocation requests, at any time, via the Certificate Revocation interface of the ACME Protocol defined in RFC 8555 section 7.6. See section 4.9.12 for additional information.
Requests for revocation may also be made by emailing cert-prob-reports@letsencrypt.org. ISRG maintains a continuous (24x7) ability to accept and respond to revocation requests and Certificate Problem Reports. ISRG will respond to such requests within 24 hours, though an investigation into the legitimacy of the request may take longer.
An investigation into whether revocation or other appropriate action is warranted will be based on at least the following criteria:
There is no grace period for a revocation request. A revocation request must be made as soon as circumstances requiring revocation are confirmed.
Investigation into a revocation request will begin within 24 hours of receiving the request. Revocation, if necessary, will be carried out within the timeframes set by Baseline Requirements Sections 4.9.1.1 and 4.9.1.2.
Relying Parties should verify the validity of certificates via CRL or OCSP prior to relying on certificates. Relying Parties who cannot or choose not to check certificate expiration or revocation status, but decide to rely on a certificate anyway, do so at their own risk.
See Section 4.5.2.
ISRG will issue updated CRLs with the frequency required by the Baseline Requirements.
When a Relying Party requests a CRL, the time to receive a response will be less than ten seconds under normal operating conditions.
Revocation information will be made available for all Subscriber Certificates via OCSP. Revocation information may be made available for Subordinate CA certificates via OCSP.
ISRG provides OCSP responses in compliance with Baseline Requirements Section 4.9.10.
ISRG allows for OCSP stapling.
ISRG considers key compromise demonstrated when revocation is successfully requested via the ACME Protocol and the request was signed by the private key of the certificate. Key compromise can be demonstrated via ACME even for certificates that have previously been revoked without demonstrating key compromise.
ISRG may also consider key compromise demonstrated by non-ACME methods.
When key compromise is demonstrated, ISRG blocks the key from use in future issuance and revokes all unexpired certificates that used that key.
ISRG does not consider a key compromised unless key compromise is demonstrated, but may revoke a certificate with reason code keyCompromise for other reasons. In these cases ISRG may not block the key from future use or revoke certificates using that key, even if the stated reason code is keyCompromise.
ISRG does not suspend certificates.
Not applicable.
Not applicable.
Not applicable.
ISRG will retain revocation entries on a CRL or OCSP Response as required by the Baseline Requirements.
All certificate status services are made available at all times (24x7) if possible.
No stipulation.
A Subscriber's subscription ends once all of Subscriber's ISRG certificates have expired or been revoked.
Prior to expiration of a Subscriber's certificate, ISRG may send Subscriber a notice regarding upcoming Certificate expiration if a contact email address was provided.
Not applicable.
Not applicable.
ISRG Secure PKI Facilities are located in the United States, as are all copies of ISRG CA Private Keys.
ISRG maintains at least two Secure PKI Facilities at all times for the sake of redundancy.
Secure PKI Facilities are constructed so as to prevent unauthorized entry or interference.
Secure PKI Facilities are monitored at all times (24x7) so as to prevent unauthorized entry or interference.
Physical access to ISRG Secure PKI Facilities is restricted to authorized ISRG employees, vendors, and contractors, for whom access is required in order to execute their jobs. Access restrictions are strongly enforced via multi-factor authentication mechanisms.
Redundant power sources are readily available at each Secure PKI Facility, and are designed to meet ISRG's operating requirements.
Air conditioning systems at each Secure PKI Facility are designed to meet ISRG's operating requirements.
ISRG Secure PKI Facilities are designed to protect ISRG infrastructure from water exposure/damage.
ISRG Secure PKI Facilities are designed to prevent fire and provide suppression if necessary.
ISRG Secure PKI Facilities are designed to prevent accidental damage or unauthorized access to media.
ISRG prohibits any media that contains or has contained sensitive data from leaving organizational control in such a state that it may still be operational, or contain recoverable data. Such media may include printed documents or digital storage devices. When media that has contained sensitive information reaches its end of life, the media is securely erased or physically destroyed such that recovery is reasonably believed to be impossible.
ISRG maintains multiple backups of ISRG CA Private Keys at multiple Secure PKI Facilities. All backups are stored on devices meeting FIPS 140-2 Level 3 (or higher) criteria.
All persons, employees or otherwise, with the ability to materially impact the operation of ISRG PKI systems and services, or the ability to view CA confidential information, must do so while designated as serving in a Trusted Role.
Trusted Roles include, but are not limited to:
Each Trusted Role requires an appropriate level of training and legal obligation.
A number of tasks, such as key generation and entering areas physically containing operating ISRG PKI systems, require at least two people in Trusted Roles to be present.
Anyone performing work in a Trusted Role must identify and authenticate themselves before accessing ISRG PKI systems or confidential information.
See Section 6.6.1.
ISRG management is responsible for making sure that Trusted Contributors are trustworthy and competent, which includes having proper qualifications and experience.
ISRG management ensures this with appropriate interviewing practices, training, background checks, and regular monitoring and review of Trusted Contributor job performance.
Trusted Contributors must undergo a background check prior to performing in a trusted role. ISRG management will review the results of background checks for problematic issues prior to approving performance of a trusted role.
Background checks include, without limitation, criminal background and employment history.
Trusted Contributors must be trained on topics relevant to the role in which they will perform.
Training programs are developed for each role by ISRG management and Security Officers.
Training is repeated annually for each Trusted Contributor, and covers topics necessary to maintain skill level requirements.
Training is also offered whenever changes in the industry or operations require it in order for contributors to competently perform in their trusted roles.
No stipulation.
Action will be taken to safeguard ISRG and its Subscribers whenever ISRG Trusted Contributors, whether through negligence or malicious intent, fail to comply with ISRG policies including this CP/CPS.
Actions taken in response to non-compliance may include termination, removal from trusted roles, or reporting to legal authorities.
Once management becomes aware of non-compliance the Trusted Contributor(s) in question will be removed from trusted roles until a review of their actions is complete.
Independent contractors who are assigned to perform Trusted Roles are subject to the duties and requirements specified for such roles in this CP/CPS. This includes those described in Section 5.3. Potential sanctions for unauthorized activities by independent contractors are described in Section 5.3.6.
Trusted Contributors are provided with all documentation necessary to perform their duties. This always includes, at a minimum, a copy of the ISRG CP/CPS and Information Security Policy.
Audit logs are generated for all events related to CA security (physical and logical) and certificate issuance. Logs are automatically generated whenever possible. When it is necessary to manually log information, logs are kept on paper with written confirmation from a witness and securely stored. All audit logs, electronic or otherwise, shall be retained and made available to compliance auditors upon request.
At a minimum, each audit record includes:
No stipulation.
Audit logs are retained for at least the period required by Section 5.4.3 of the Baseline Requirements.
Audit logs, whether in production or archived, are protected using both physical and logical access controls.
ISRG makes regular backup copies of audit logs.
Audit data is automatically generated and reported/recorded by operating systems, CA software applications, and network devices. Systems are in place to ensure proper reporting and recording of audit data, and the failure of such systems may lead to suspension of CA services until proper audit log reporting is restored.
No stipulation.
Audit logs are monitored by Trusted Contributors, including operations and engineering staff. Anomalies indicating attempted breaches of CA security are reported and investigated.
Internal and external vulnerability scans occur at least every three months.
Extensive vulnerability assessments for ISRG infrastructure are conducted at least annually by qualified third parties.
ISRG Security Officers perform a risk assessment at least annually. This risk assessment:
Identifies foreseeable internal and external threats that could result in unauthorized access, disclosure, misuse, alteration, or destruction of any Certificate Data or Certificate Management Processes;
Assesses the likelihood and potential damage of these threats, taking into consideration the sensitivity of the Certificate Data and Certificate Management Processes; and
Assesses the sufficiency of the policies, procedures, information systems, technology, and other arrangements that the CA has in place to counter such threats.
ISRG archives all audit logs, the contents of which are described in Section 5.4.1. ISRG also archives other documents and information critical to understanding the historical security and performance of the CA's duties.
Archived records are retained for at least the period required by Section 5.5.2 of the Baseline Requirements.
Archives are protected from unauthorized modification or destruction by strong security and environmental controls.
Archives are backed up regularly.
Records are time-stamped as they are created.
Machine-created records use system time, which is synchronized automatically with third-party time sources. Machines without network access have the time set manually.
Manual records use a manually entered date and time, complete with time zone in use.
No stipulation.
No stipulation.
When a CA certificate is nearing expiration, a key changeover procedure is used to transition to a new CA certificate. The following steps constitute a key changeover procedure:
Some time prior to CA certificate expiration, the private key associated with the expiring certificate is no longer used to sign new certificates. It is only used to sign CRLs and OCSP responses.
A new key pair is generated and a new CA certificate is created containing the new key pair's public key. This new key pair is used to sign new certificates.
If necessary or desired, the old private key associated with the expiring certificate may be used to cross-sign the new certificate.
ISRG has created and maintains incident response procedures for a range of potential compromise and disaster situations. Such situations include, but are not limited to, natural disasters, security incidents, and equipment failure. Incident response plans are reviewed, potentially updated, and tested on at least an annual basis.
In the event that computing resources, software, and/or data are corrupted or otherwise damaged, ISRG will assess the situation, including its impact on CA integrity and security, and take appropriate action. CA operations may be suspended until mitigation is complete. Subscribers may be notified if corruption or damage has a material impact on the service provided to them.
In the event that an ISRG CA Private Key is compromised, or suspected to be compromised, ISRG will immediately launch a thorough investigation. Forensic evidence will be collected and secured as quickly as possible. If it cannot be determined with a high degree of certainty that the private key in question was not compromised, then the following steps may be taken in whatever order ISRG Security Officers deem most appropriate:
ISRG maintains multiple geographically diverse facilities, each of which is capable of operating ISRG CA systems independently. In the event that a disaster entirely disables one facility, ISRG CA operations will fail over to another facility.
In the event that ISRG CA services are to be terminated:
If a suitable successor entity exists, the following steps will be taken:
If a suitable successor entity does not exist, the following steps will be taken:
ISRG CA Private Keys are generated by HSMs meeting the requirements of Section 6.2.1. This occurs during a ceremony meeting the requirements of this CP/CPS.
See the Let's Encrypt Subscriber Agreement for information regarding Subscriber key pair generation.
ISRG never generates or has access to Subscriber Private Keys.
Subscriber Public Keys are communicated to ISRG electronically via the ACME protocol.
ISRG Public Keys are provided to Relying Parties as part of browser, operating system, or other software trusted root certificate lists.
ISRG Public Keys are also available in the Certificate Repository.
ISRG Root CA RSA Private Keys are at least 4096 bits in length.
ISRG Root CA ECDSA Private Keys are at least 384 bits in length.
ISRG Subordinate CA RSA Private Keys are at least 2048 bits in length.
ISRG Subordinate CA ECDSA Private Keys are at least 384 bits in length.
ISRG uses HSMs conforming to FIPS 186-4, capable of providing random number generation and on-board creation of at least 2048-bit RSA keys and at least 384-bit ECDSA keys.
Per NIST SP 800‐89 (https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-89.pdf), section 5.3.3, the CA ensures that:
See Section 7, Certificate Profiles.
ISRG uses HSMs meeting FIPS 140-2 Level 3 (or higher) requirements.
ISRG has put into place security mechanisms which require multiple people performing in Trusted Roles in order to access ISRG CA Private Keys, both physically and logically. This is true for all copies of Private Keys, in production or backups, on-site or off-site.
ISRG does not escrow CA Private Keys and does not provide such a service for Subscribers.
Critical ISRG CA Private Keys are backed up both on-site and off-site, in multiple geographic locations, under multi-person control.
ISRG does not archive private keys.
ISRG CA Private Keys are generated inside HSMs and are only transferred between HSMs for redundancy or backup purposes. When transferred, keys are encrypted prior to leaving HSMs and unwrapped only inside destination HSMs. Keys never exist in plain text form outside of HSMs.
ISRG CA Private Keys are stored on HSMs meeting the requirements stated in Section 6.2.1.
ISRG CA Private Keys are always stored on HSMs and activated using the mechanisms provided by the HSM manufacturer.
ISRG CA Private Keys are always stored on HSMs and deactivated using the mechanisms provided by the HSM manufacturer.
ISRG CA Private Keys are destroyed by Trusted Contributors using a FIPS 140-2 (or higher) validated zeroize method provided by the HSMs storing the keys. Physical destruction of the HSM is not required.
See the Let's Encrypt Subscriber Agreement for information regarding Subscriber private key destruction.
See Section 6.2.1.
See Section 5.5.
The validity periods of ISRG Root CA, Subordinate CA, and Subscriber Certificates are profiled in Section 7 of this document.
ISRG Root and Subordinate CA key pairs have lifetimes corresponding to their certificates. Subscriber key pairs may be re-used indefinitely provided that there is no suspicion or confirmation of Private Key compromise.
Activation data used to activate ISRG CA Private Keys is generated during a key ceremony. Activation data is then transferred to the person who will use it or the place it will be stored.
Activation data is protected from unauthorized disclosure via both physical and logical means.
No stipulation.
ISRG CA infrastructure and systems are appropriately secured in order to protect CA software and data from unauthorized access or modification. Access to systems is secured via multi-factor authentication whenever possible. Security updates are applied in a timely fashion. Vulnerability scans are run regularly.
No stipulation.
ISRG has developed policies and procedures to effectively manage the acquisition and development of its CA systems.
ISRG CA hardware and software is dedicated solely to performing CA functions.
Vendor selection includes an evaluation of reputation in the market, ability to deliver a quality product, vulnerability history, and the likelihood of remaining viable in the future. Physical product deliveries are received by Trusted Contributors and inspected for evidence of tampering. HSMs are shipped in tamper-evident packaging and tamper bag serial numbers are confirmed with the vendor upon receipt.
ISRG maintains a CA testing environment separate from the production environment. The testing environment reasonably emulates the production environment but does not have access to ISRG CA Private Keys used in trusted certificates. The purpose of this testing environment is to allow extensive but safe testing of software and systems that are or will be deployed to the CA production environment.
ISRG has developed and maintains appropriate change control policies and procedures to be followed any time CA systems are modified. Changes to ISRG CA systems require review by qualified Trusted Personnel who are different from the person requesting the change. Change requests are documented, as are any subsequent required reviews or approvals.
When ISRG develops software to be used in CA operations, software development policies are put into place and methodologies are followed in order to ensure software quality and integrity. This always includes a requirement for peer review of code changes. Code commit privileges are granted only to qualified and trusted contributors. Nobody with the ability to deploy software to ISRG PKI systems (e.g. PKI Administrators) may have the ability to unilaterally commit code to core CA software. The reverse is also true.
ISRG has mechanisms in place to control and monitor security-related configuration of CA systems. Equipment and software is installed and configured using a documented change control process. Software integrity is verified upon deployment using checksums.
No stipulation.
ISRG implements reasonable network security safeguards and controls to prevent unauthorized access to CA systems and infrastructure. ISRG complies with the CA/Browser Forum's Network and Certificate System Security Requirements.
ISRG's network is multi-tiered and utilizes the principle of defense in depth.
Firewalls and other critical CA systems are configured based on a necessary-traffic-only allowlisting policy whenever possible.
ISRG Root CA Private Keys are stored offline in a secure manner.
See Section 5.5.5.
All fields are as specified in RFC 5280, including fields and extensions not specifically mentioned. Extensions are not marked critical unless specifically described here as critical.
| Field or extension | Value |
|---|---|
| Serial Number | Must be unique, with 64 bits of output from a CSPRNG |
| Issuer Distinguished Name | C=US, O=Internet Security Research Group, CN=ISRG Root X<n> where n is an integer representing the instance of the Root CA Certificate. For example, ISRG Root X1, ISRG Root X2, etc. |
| Subject Distinguished Name | Same as Issuer DN |
| Validity Period | Up to 25 years |
| Basic Constraints | Critical. cA=True, pathLength constraint absent |
| Key Usage | Critical. keyCertSign, cRLSign |
| Field or extension | Value |
|---|---|
| Serial Number | Must be unique, with 64 bits of output from a CSPRNG |
| Issuer Distinguished Name | Derived from Issuer certificate |
| Subject Distinguished Name | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X<n>; or C=US, O=Let's Encrypt, CN=[ER]<n> where n is an integer representing the instance of the Subordinate CA Certificate. |
| Validity Period | Up to 8 years |
| Basic Constraints | Critical. cA=True, pathLength constraint 0 |
| Key Usage | Critical. keyCertSign, cRLSign, digitalSignature |
| Extended Key Usage | TLS Server Authentication, TLS Client Authentication |
| Certificate Policies | CAB Forum Domain Validated (2.23.140.1.2.1) Optionally, ISRG Domain Validated (1.3.6.1.4.1.44947.1.1.1) with qualifier id-qt-cps pointing to this CP/CPS |
| Authority Information Access | Contains CA Issuers URL (and optionally an OCSP URL). URLs vary based on Issuer. |
| CRL Distribution Points | Contains a CRL URL. URL varies based on Issuer. |
| Field or extension | Value |
|---|---|
| Serial Number | Must be unique, with 64 bits of output from a CSPRNG |
| Issuer Distinguished Name | Derived from Issuer certificate |
| Subject Distinguished Name | CN=none, or one of the values from the Subject Alternative Name extension |
| Validity Period | Up to 100 days |
| Basic Constraints | Critical. cA=False |
| Key Usage | Critical. digitalSignature, keyEncipherment |
| Extended Key Usage | TLS Server Authentication, TLS Client Authentication |
| Certificate Policies | CAB Forum Domain Validated (2.23.140.1.2.1) |
| Authority Information Access | Contains CA Issuers URL and OCSP URL. URLs vary based on Issuer. |
| Subject Public Key | RSA with modulus between 2048 and 4096, inclusive; or namedCurve P-256; or namedCurve P-384 |
| Subject Alternative Name | A sequence of 1 to 100 dNSNames |
| TLS Feature | Contains status_request if requested by the Subscriber in the CSR |
| Precertificate poison | Per RFC 6962. In Precertificates only. |
| Signed Certificate Timestamp List | Per RFC 6962. In final certificates only. |
| CRL Distribution Point | If present, contains a URI to the CRL shard whose scope includes this certificate. |
Signed by a Root CA Certificate, these Certificates may sign OCSP responses for Subordinate CA Certificates.
| Field or extension | Value |
|---|---|
| Serial Number | Must be unique, with 64 bits of output from a CSPRNG |
| Issuer Distinguished Name | Derived from Issuer |
| Subject Distinguished Name | C=US, O=Internet Security Research Group, CN=ISRG Root OCSP X<n> where n is an integer depending on the Issuer |
| Validity Period | Up to 8 years |
| Basic Constraints | Critical. cA=False |
| Key Usage | Critical. digitalSignature |
| Extended Key Usage | Critical. OCSPSigning |
| No Check | Present |
All certificates use X.509 version 3.
See section 7.1.
No stipulation.
| Name | Object identifier |
|---|---|
| sha256WithRSAEncryption | 1.2.840.113549.1.1.11 |
| ecdsa-with-SHA384 | 1.2.840.10045.4.3.3 |
ISRG does not issue Subscriber Certificates containing the subject:organizationName, subject:givenName, subject:surname, subject:streetAddress, subject:localityName, subject:stateOrProvinceName, subject:postalCode, subject:countryName, or subject:organizationalUnitName fields. The subject:organizationName and subject:countryName fields may be present in our Root CA, Subordinate CA, and other operational certificates.
No stipulation.
See section 7.1.
Not applicable.
See section 7.1.
Not applicable.
For the status of Subordinate CA Certificates:
| Field or Extension | Value |
|---|---|
| Version | V2 |
| Signature Algorithm | sha256WithRSAEncryption or ecdsa-with-SHA384 |
| ThisUpdate | The date and time when the Certificate revocation list validity begins |
| NextUpdate | Up to ThisUpdate + 1 year |
| RevokedCertificates | Contains: userCertificate, revocationDate, reasonCode |
| CRLnumber | The serial number of this CRL in an incrementally increasing sequence of CRLs |
| IssuingDistributionPoint | If present, asserts onlyContainsCACerts |
For the status of Subscriber Certificates:
| Field or Extension | Value |
|---|---|
| Version | V2 |
| Signature Algorithm | sha256WithRSAEncryption or ecdsa-with-SHA384 |
| ThisUpdate | The date and time when the Certificate revocation list validity begins |
| NextUpdate | Up to ThisUpdate + 10 days |
| RevokedCertificates | Contains: userCertificate, revocationDate, reasonCode |
| CRLnumber | The serial number of this CRL in an incrementally increasing sequence of CRLs |
| IssuingDistributionPoint | Contains a distributionPoint pointing to the CRL's unique URL |
See section 7.2.
No stipulation.
ISRG OCSP responders implement the RFC 5019 profile of RFC 6960.
No stipulation.
No stipulation.
WebTrust compliance audits are intended to ensure a CA's compliance with its CP and CPS and relevant WebTrust audit criteria.
WebTrust compliance audit periods cover no more than one year and are scheduled by ISRG annually, every year with no gaps.
See Section 8.7 for information about the frequency of self-audits.
ISRG's WebTrust compliance audits are performed by a qualified auditor. A qualified auditor means a natural person, legal entity, or group of natural persons or legal entities that collectively possess the following qualifications and skills:
ISRG's WebTrust auditors shall have no financial interest in, or other type of relationship with, ISRG, which might cause the auditors to have a bias for or against ISRG.
Compliance audits cover ISRG's compliance with the ISRG CP/CPS, as well as the following WebTrust principles and criteria:
Noncompliance with relevant requirements will be documented by auditors (internal or external), the ISRG PMA will be informed, and the ISRG PMA will ensure that steps are taken to address the issues as quickly as reasonably possible.
Audit results are reported to the ISRG PMA and any other entity entitled to the results by law, regulation, or agreement. This includes a number of Web user agent (i.e. browser) root programs.
ISRG is not required to publicly disclose any audit finding that does not impact the overall audit opinion.
ISRG performs a quarterly internal audit of at least 3% of issuance since the last WebTrust audit period. The sample is randomly selected. Results are saved and provided to auditors upon request.
In addition, ISRG conducts pre-issuance linting for all issuance.
ISRG does not charge any fees for certificate issuance or renewal.
No stipulation.
ISRG does not charge any fees for certificate revocation or for checking the validity status of an issued certificate using a CRL or OSCP.
No stipulation.
ISRG collects no fees, and so provides no refunds.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
No stipulation.
ISRG employees, agents, and contractors are responsible for protecting confidential information and are bound by ISRG's policies with respect to the treatment of confidential information or are contractually obligated to do so. Employees receive training on how to handle confidential information.
ISRG follows the privacy policy posted on its website (https://letsencrypt.org/repository/) when handling personal information.
The privacy policy posted on ISRG's website (https://letsencrypt.org/repository/) identifies information that ISRG treats as private.
The privacy policy posted on ISRG's website (https://letsencrypt.org/repository/) identifies information that ISRG does not treat as private.
ISRG employees and contractors are subject to policies or contractual obligations requiring them to comply with ISRG's privacy policy (https://letsencrypt.org/repository/) or contractual obligations at least as protective of private information as ISRG's privacy policy.
ISRG follows the privacy policy posted on its website (https://letsencrypt.org/repository/) when using personal information.
ISRG may disclose personal information if compelled to do so by court order or other compulsory legal process, provided that if ISRG determines that such court order or legal process is invalid or unconstitutional, ISRG will make reasonable legal efforts to oppose disclosure.
ISRG may disclose personal information under other circumstances that are described in the privacy policy posted on its website (https://letsencrypt.org/repository/).
ISRG and/or its business partners own the intellectual property rights in ISRG's services, including the certificates, trademarks used in providing the services, and this CP/CPS. Certificate and revocation information are the property of ISRG. ISRG grants permission to reproduce and distribute certificates on a non-exclusive and royalty-free basis, provided that they are reproduced and distributed in full. Private Keys and Public Keys remain the property of the Subscribers who rightfully hold them.
Notwithstanding the foregoing, third party software (including open source software) used by ISRG to provide its services is licensed, not owned, by ISRG.
Except as expressly stated in this CP/CPS or in a separate agreement with a Subscriber, ISRG does not make any representations or warranties regarding its products or services. ISRG represents and warrants, to the extent specified in this CP/CPS, that:
ISRG does not use RA services from third parties.
Each Relying Party represents and warrants that, prior to relying on an ISRG certificate, it:
Any unauthorized reliance on a certificate is at a party's own risk.
No stipulation.
ISRG certificates and services are provided "as-is." ISRG disclaims any and all warranties of any type, whether express or implied, including and without limitation any implied warranty of title, non-infringement, merchantability, or fitness for a particular purpose, in connection with any ISRG service or ISRG certificate.
ISRG does not accept any liability for any loss, harm, claim, or attorney's fees in connection with any certificates. ISRG will not be liable for any damages, attorney's fees, or recovery, regardless of whether such damages are direct, consequential, indirect, incidental, special, exemplary, punitive, or compensatory, even if ISRG has been advised of the possibility of such damages. This limitation on liability applies irrespective of the theory of liability, i.e., whether the theory of liability is based upon contract, warranty, indemnification, contribution, tort, equity, statute or regulation, common law, or any other source of law, standard of care, category of claim, notion of fault or responsibility, or theory of recovery. This disclaimer is intended to be construed to the fullest extent allowed by applicable law.
Without waiving or limiting the foregoing in any way, ISRG does not make, and ISRG expressly disclaims, any warranty regarding its right to use any technology, invention, technical design, process, or business method used in either issuing certificates or providing any of ISRG's services. Each Subscriber affirmatively and expressly waives the right to hold ISRG responsible in any way, or seek indemnification against ISRG, for any infringement of intellectual property rights, including patent, trademark, trade secret, or copyright.
ISRG does not provide any indemnification.
Each Subscriber will indemnify and hold harmless ISRG and its directors, officers, employees, agents, and affiliates from any and all liabilities, claims, demands, damages, losses, costs, and expenses, including attorneys' fees, arising out of or related to: (i) any misrepresentation or omission of material fact by Subscriber to ISRG, irrespective of whether such misrepresentation or omission was intentional, (ii) Subscriber's violation of the Subscriber Agreement, (iii) any compromise or unauthorized use of an ISRG certificate or corresponding Private Key, or (iv) Subscriber's misuse of an ISRG certificate. If applicable law prohibits Subscriber from providing indemnification for another party's negligence or acts, such restriction, or any other restriction required by law for this indemnification provision to be enforceable, shall be deemed to be part of this indemnification provision.
To the extent permitted by law, each Relying Party shall indemnify ISRG, its partners, entities that have cross-signed or issued sub-CAs for ISRG, and their respective directors, officers, employees, agents, and contractors against any loss, damage, or expense, including reasonable attorney's fees, related to the Relying Party's (i) breach of any service terms applicable to the services provided by ISRG or its affiliates and used by the Relying Party, this CP/CPS, or applicable law; (ii) unreasonable reliance on a certificate; or (iii) failure to check the certificate's status prior to use.
This CP/CPS and any amendments to this CP/CPS are effective when published to the ISRG online repository and remain in effect until replaced with a newer version.
This CP/CPS and any amendments remain in effect until replaced with a newer version.
ISRG will communicate the conditions and effect of this CP/CPS's termination via the ISRG Repository. The communication will specify which provisions survive termination. At a minimum, all responsibilities related to protecting confidential information will survive termination. All Subscriber Agreements remain effective at least until the certificate is revoked or expired, even if this CP/CPS terminates.
ISRG accepts notices related to this CP/CPS at the locations specified in Section 1.5.2 of this CP/CPS. Notices are deemed effective after the sender receives a valid and digitally signed acknowledgment of receipt from ISRG. If an acknowledgement of receipt is not received within five days, the sender must resend the notice in paper form to the street address specified in Section 1.5.2 of this CP/CPS using either a courier service that confirms delivery or via certified or registered mail with postage prepaid and return receipt requested. ISRG may allow other forms of notice in its Subscriber Agreements.
This CP/CPS is reviewed at least annually and may be reviewed more frequently. Amendments are made by posting an updated version of this CP/CPS to the online repository. Controls are in place that are designed to reasonably ensure that this CP/CPS is not amended and published without the prior authorization of the ISRG PMA.
ISRG posts CP/CPS revisions to its Repository. ISRG does not guarantee or set a notice-and-comment period and may make changes to this CP/CPS without notice.
The ISRG PMA is solely responsible for determining whether an amendment to this CP/CPS requires an OID change.
Any claim, suit or proceeding arising out of this CP/CPS or any ISRG product or service must be brought in a state or federal court located in San Jose, California. ISRG may seek injunctive or other relief in any state, federal, or national court of competent jurisdiction for any actual or alleged infringement of its, its affiliates, or any third party's intellectual property or other proprietary rights.
The laws of the state of California, United States of America, govern the interpretation, construction, and enforcement of this CP/CPS and all proceedings related to ISRG products and services, including tort claims, without regard to any conflicts of law principles. The United Nations Convention for the International Sale of Goods does not apply to this CP/CPS.
This CP/CPS is subject to all applicable laws and regulations, including United States restrictions on the export of software and cryptography products.
ISRG requires each party using its products and services to enter into an agreement that delineates the terms associated with the product or service. If an agreement has provisions that differ from this CP/CPS, then the agreement with that party controls, but solely with respect to that party. Third parties may not rely on or bring action to enforce such agreement.
Any entities operating under this CP/CPS may not assign their rights or obligations without the prior written consent of ISRG. Unless specified otherwise in a contract with a party, ISRG does not provide notice of assignment.
If any provision of this CP/CPS is held invalid or unenforceable by a competent court or tribunal, the remainder of this CP/CPS will remain valid and enforceable. Each provision of this CP/CPS that provides for a limitation of liability, disclaimer of a warranty, or an exclusion of damages is severable and independent of any other provision.
ISRG may seek indemnification and attorneys' fees from a party for damages, losses, and expenses related to that party's conduct. ISRG's failure to enforce a provision of this CP/CPS does not waive ISRG's right to enforce the same provision later or right to enforce any other provision of this CP/CPS. To be effective, waivers must be in writing and signed by ISRG.
ISRG is not liable for any delay or failure to perform an obligation under this CP/CPS to the extent that the delay or failure is caused by an occurrence beyond ISRG's reasonable control. The operation of the Internet is beyond ISRG's reasonable control.
No stipulation.