1.1 Overview

This Certificate Policy (“CP”) document outlines the certificate policies for Internet Security Research Group (“ISRG”) Public Key Infrastructure (“ISRG PKI”).

ISRG PKI services include, but are not limited to, issuing, managing, validating, revoking, and renewing Certificates in accordance with the requirements of this CP.

ISRG PKI services are most commonly, but not necessarily exclusively, provided under the brand/trademark “Let’s Encrypt”.

The ISRG PKI conforms to the current version of the guidelines adopted by the Certification Authority/Browser Forum (“CAB Forum”) when issuing publicly trusted certificates, including the Baseline Requirements for the Issuance and Management of Publicly Trusted Certificates (“Baseline Requirements”). CAB Forum documents can be found at https://www.cabforum.org. If there is any conflict between this CP and a relevant CAB Forum requirement or guideline, then the CAB Forum requirement or guideline shall take precedence.

Other documents related to the behavior and control of the ISRG PKI, such as a Subscriber Agreement and Privacy Policy, can be found at https://letsencrypt.org/repository/.

Per IETF PKIX RFC 3647, this CP is divided into nine components that cover security controls, practices, and procedures for certification services provided by the ISRG PKI.

The following Certification Authorities are covered under this CP:

CA TypeDistinguished NameKey Pair Type and ParametersCert SHA-256 FingerprintValidity Period
Root CAC=US,
O=Internet Security Research Group,
CN=ISRG Root X1
RSA, n has 4096 bits, e=6553796:BC:EC:06:26:49:76:F3:
74:60:77:9A:CF:28:C5:A7:
CF:E8:A3:C0:AA:E1:1A:8F:
FC:EE:05:C0:BD:DF:08:C6
Not Before: Jun 4 11:04:38 2015 GMT,
Not After: Jun 4 11:04:38 2035 GMT
Root CAC=US,
O=Internet Security Research Group,
CN=ISRG Root X2
ECDSA, NIST curve P-38469:72:9b:8e:15:a8:6e:fc:
17:7a:57:af:b7:17:1d:fc:
64:ad:d2:8c:2f:ca:8c:f1:
50:7e:34:45:3c:cb:14:70
Not Before: Sept 4 00:00:00 2020 GMT,
Not After: Sept 17 16:00:00 2040 GMT

This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.