{
	"id": "460acd87-d9b3-4303-b801-d102d7109847",
	"created_at": "2026-04-06T00:22:17.562429Z",
	"updated_at": "2026-04-10T03:35:21.573391Z",
	"deleted_at": null,
	"sha1_hash": "4adb2a3d58b8dfbecc44a1c0c2f6c27b9264d893",
	"title": "FAQ",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 56619,
	"plain_text": "FAQ\r\nArchived: 2026-04-05 19:27:39 UTC\r\nThis FAQ is divided into the following sections:\r\nGeneral Questions\r\nTechnical Questions\r\nGeneral Questions\r\nWhat services does Let’s Encrypt offer?\r\nLet’s Encrypt is a global Certificate Authority (CA). We let people and organizations around the world obtain,\r\nrenew, and manage SSL/TLS certificates. Our certificates can be used by websites to enable secure HTTPS\r\nconnections.\r\nLet’s Encrypt offers Domain Validation (DV) certificates. We do not offer Organization Validation (OV) or\r\nExtended Validation (EV) primarily because we cannot automate issuance for those types of certificates.\r\nTo get started using Let’s Encrypt, please visit our Getting Started page.\r\nWhat does it cost to use Let’s Encrypt? Is it really free?\r\nWe do not charge a fee for our certificates. Let’s Encrypt is a nonprofit, our mission is to create a more secure and\r\nprivacy-respecting Web by promoting the widespread adoption of HTTPS. Our services are free and easy to use so\r\nthat every website can deploy HTTPS.\r\nWe require support from generous sponsors, grantmakers, and individuals in order to provide our services for free\r\nacross the globe. If you’re interested in supporting us please consider donating or becoming a sponsor.\r\nIn some cases, integrators (e.g. hosting providers) will charge a nominal fee that reflects the administrative and\r\nmanagement costs they incur to provide Let’s Encrypt certificates.\r\nWhat kind of support do you offer?\r\nLet’s Encrypt is run by a small team and relies on automation to keep costs down. That being the case, we are not\r\nable to offer direct support to our subscribers. We do have some great support options though:\r\n1. We have really helpful documentation.\r\n2. We have very active and helpful community support forums. Members of our community do a great job of\r\nanswering questions, and many of the most common questions have already been answered.\r\nHere’s a video we like about the power of great community support.\r\nhttps://letsencrypt.org/docs/faq/\r\nPage 1 of 4\n\nA website using Let’s Encrypt is engaged in Phishing/Malware/Scam/… , what\r\nshould I do?\r\nWe recommend reporting such sites to Google Safe Browsing and the Microsoft Smart Screen program, which are\r\nable to more effectively protect users. Here are the reporting URLs:\r\nhttps://safebrowsing.google.com/safebrowsing/report_badware/\r\nhttps://www.microsoft.com/en-us/wdsi/support/report-unsafe-site-guest\r\nIf you’d like to read more about our policies and rationale, you can do so here:\r\nhttps://letsencrypt.org/2015/10/29/phishing-and-malware.html\r\nTechnical Questions\r\nAre certificates from Let’s Encrypt trusted by my browser?\r\nFor most browsers and operating systems, yes. See the compatibility list for more detail.\r\nDoes Let’s Encrypt issue certificates for anything other than SSL/TLS for\r\nwebsites?\r\nLet’s Encrypt certificates are standard Domain Validation certificates, so you can use them for any server that uses\r\na domain name, like web servers, mail servers, FTP servers, and many more.\r\nEmail encryption and code signing require a different type of certificate that Let’s Encrypt does not issue.\r\nDoes Let’s Encrypt generate or store the private keys for my certificates on Let’s\r\nEncrypt’s servers?\r\nNo. Never.\r\nThe private key is always generated and managed on your own servers, not by Let’s Encrypt.\r\nWhat is the lifetime for Let’s Encrypt certificates? For how long are they valid?\r\nOur default certificates are valid for 90 days. You can read about why here.\r\nSubscribers can opt in to short-lived certificates which are valid for six days. You can read about these here.\r\nThere is no way to adjust these lifetimes, there are no exceptions. We recommend renewing 90 day certificates\r\nevery 60 days and six day certificates every three days.\r\nWill Let’s Encrypt issue Organization Validation (OV) or Extended Validation\r\n(EV) certificates?\r\nhttps://letsencrypt.org/docs/faq/\r\nPage 2 of 4\n\nWe have no plans to issue OV or EV certificates.\r\nCan I get a certificate for multiple domain names (SAN certificates or UCC\r\ncertificates)?\r\nYes, the same certificate can contain several different names using the Subject Alternative Name (SAN)\r\nmechanism.\r\nDoes Let’s Encrypt issue wildcard certificates?\r\nYes. Wildcard issuance must use the DNS-01 challenge. See this post for more technical information.\r\nIs there a Let’s Encrypt (ACME) client for my operating system?\r\nThere are a large number of ACME clients available. Chances are something works well on your operating\r\nsystem. We recommend starting with Certbot.\r\nCan I use an existing private key or Certificate Signing Request (CSR)?\r\nYes, but not all clients support this feature. Certbot does.\r\nI requested a certificate and now my domain is receiving a lot of traffic! Why is\r\nthis happening?\r\nThis is normal and anticipated. During the certificate issuance process, Let’s Encrypt will validate control of your\r\ndomain from multiple network perspectives. After successful validation, your certificate will be submitted to\r\nnumerous Certificate Transparency (CT) logs. See here for more details about why this is necessary. Shortly after\r\nthe certificate is submitted to CT, automated CT crawling bots will be able to discover your domain, attempt to\r\naccess it, and generate further traffic in your webserver logs.\r\nWhat IP addresses does Let’s Encrypt use to validate my web server?\r\nWe don’t publish a list of IP addresses we use to validate, and these IP addresses may change at any time. Note\r\nthat we now validate from multiple IP addresses.\r\nI successfully renewed a certificate but validation didn’t happen this time - how is\r\nthat possible?\r\nOnce you successfully complete the challenges for a domain, the resulting authorization is cached for your\r\naccount to use again later. Cached authorizations last for up to 30 days from the time of validation, depending on\r\nthe associated profile. If the certificate you requested has all of the necessary authorizations cached then validation\r\nwill not happen again until the relevant cached authorizations expire.\r\nWhy should my Let’s Encrypt (ACME) client run at a random time?\r\nhttps://letsencrypt.org/docs/faq/\r\nPage 3 of 4\n\nWe ask that ACME clients perform routine renewals at random times to avoid spikes in traffic at set times of the\r\nday, such as exactly midnight UTC, or the first second of each hour or minute. When the service is too busy,\r\nclients will be asked to try again later, so randomizing renewal times can help avoid unnecessary retries.\r\nWhere can I learn more about TLS/SSL and PKI in general?\r\nLongtime security researcher and practitioner, Ivan Ristić, published a configuration guide that provides useful\r\ninformation about what you should consider as you set up your TLS configuration.\r\nFor more extensive background and greater detail, we recommend Bulletproof TLS and PKI, also written by\r\nRistić.\r\nSource: https://letsencrypt.org/docs/faq/\r\nhttps://letsencrypt.org/docs/faq/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://letsencrypt.org/docs/faq/"
	],
	"report_names": [
		"faq"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "2864e40a-f233-4618-ac61-b03760a41cbb",
			"created_at": "2023-12-01T02:02:34.272108Z",
			"updated_at": "2026-04-10T02:00:04.97558Z",
			"deleted_at": null,
			"main_name": "WildCard",
			"aliases": [],
			"source_name": "ETDA:WildCard",
			"tools": [
				"RustDown",
				"SysJoker"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "256a6a2d-e8a2-4497-b399-628a7fad4b3e",
			"created_at": "2023-11-30T02:00:07.299845Z",
			"updated_at": "2026-04-10T02:00:03.484788Z",
			"deleted_at": null,
			"main_name": "WildCard",
			"aliases": [],
			"source_name": "MISPGALAXY:WildCard",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434937,
	"ts_updated_at": 1775792121,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4adb2a3d58b8dfbecc44a1c0c2f6c27b9264d893.pdf",
		"text": "https://archive.orkl.eu/4adb2a3d58b8dfbecc44a1c0c2f6c27b9264d893.txt",
		"img": "https://archive.orkl.eu/4adb2a3d58b8dfbecc44a1c0c2f6c27b9264d893.jpg"
	}
}