eSIM IoT and certificate lifetime


I would very much like to ask if you have seen any interest in using Let's Encrypt for certificates on M2M/IoT devices, and maybe even more specifically on SIMs.

The current challenge is the lifetime requirement of maximum 90 days, as many M2M/IoT devices might be offline for longer periods.

Has it been something you've considered looking into, as GSMA signed certificates today has 20 years lifetime (maybe not as secure, but still the standard today).

You can renew an already-expired certificate just fine.

Yeah, that's not going to happen. The absolute limit right now is ~13 months.

No browser is going to like a certificate with a longer lifetime.


Hi 9peppe,

Thank you for the reply. So for the browser issue, it is not a problem, as this is for M2M/IoT devices and/or SIMs, so a browser would not be included in this scenario.

Regarding renewal for an already expired certificate, I'm wondering how that could happen, if the renewal process requires internet connectivity, and this internet access is depended upon the certificate being valid. Which would be the case for a scenario of using the certificate within a SIM.

Again, this is for M2M/IoT and not internet-browsing and such.

Let’s Encrypt is focused on the Web PKI, and has no plans to support other use cases that might require long-lived certificates.