There is some confusion about whether or not LE will support .onion addresses, and possibly .tor and .exit addresses in the future. The primary worries that I have seen mentioned are that Tor already end-to-end encrypts all traffic to onions and the identity of the onion is proved through it’s nam…

@BFeely , probably not yet, because of industry rules that currently limit .onion certificates to EV, which Let’s Encrypt doesn’t issue at all.

Really there are such <your bad word here> industry rules? That’s disappointing…

There are many reasons why having proper TLS/SSL certs setup for hidden services should be a priority. We run an non-profit private Tor-only e-mail service. It requires our members to connect to mail services (POP3/IMAP/SMTP) using TLS. Without valid .onion domain certs, our clients continue to get …

[image] schoen: industry rules that currently limit .onion certificates to EV wait a sec, this doesnt make sense, I dont think that that many companies use Tor and, but rather more "normal" people, now you can guess three times who may NOT recieve an EV cert...

Agreed, however, times change. The .onion domain is growing far more legitimate every day. The desire for end-to-end encryption, privacy and anonymity will only increase as dragnet government surveillance grows ever more intrusive. At some point this will need to be supported, and without the “spec…

Hi @Lelantos , it’s not really a question of software features (or about Let’s Encrypt not caring about the issue), it’s a question of CA/Browser Forum rules that .onion certs may currently only be EV, which Let’s Encrypt doesn’t do. If these rules change (which several people from LE have said we ho…

but why did they say EV only and essentially locked out normal people, and why can normal ppl not get EV certs this is discrimination, I say! (not by LE, obviously but by the forum)

Increasingly we can envisage more practical use cases for .onion certificates. https://emerproxy.xyz - (with Let’s Encrypt 4096-bit SSL), allows resolution of ’ new ’ TLD’s using OpenNIC project DNS We consider allowing access via a .onion / SSL enabled Tor hidden_service for resolution of OpenN…

Hello. My understanding is that OpenNIC and New Nations domains as wall as Namecoin and Emercoin are not recognized by ICANN, so it is unlikely for CA/B forum to allow the issuance of certificates for these TLDs. .onion is a special case where it has been approved as a Special-Use domain.

If/when will LE support .onion addresses?

Feature Requests

My1 November 6, 2015, 1:36pm 23

well it should be but some stupid “forum” (not pointing names, but it should be obvious) said that only companies and stuff may use those with HTTPS.

Topic		Replies	Views
Letsencrypt for .onion? Issuance Policy	30	19627	July 6, 2022
Let's Encrypt Shouldn't be expected to support onion Addresses - but it might surprise us! Site Feedback	4	415	November 3, 2024
When will Let's Encrypt let .onion owners encrypt? Feature Requests	20	1320	July 30, 2024
.onion domain support Feature Requests	2	6250	July 12, 2017
Certificate for onion v3 address Issuance Policy	12	3466	March 14, 2025

If/when will LE support .onion addresses?

Related topics