Hi, Digicert issues certs for .onion. I would like to know if letsencrypt also issues for .onion.

The argument for EV is that unlike Internet domain names, the .onion Tor names are gibberish. So whereas knowing you’re really connected to eBay.com or Google.com is meaningful, we have to expect that facebookhomepage.onion seems like it might be what you wanted as much as facebookcorewwwi.onion doe…

But knowing that DV certs simply certify a name and not organizations, I don’t see a problem using them for .onion. It’s really no different than normal TLDs. A DV cert is “DNS name <-> public key” and that doesn’t change just because we’re below .onion.

we have to expect that facebookhomepage.onion seems like it might be what you wanted There's basically the same problem there with normal DNS names - many (most?) people wouldn't notice that a certificate wasn't EV if they stumbled upon facebookhomepage.ws and it looked like the Facebook page. T…

Hidden Services (v2) were easily weaker than their (currently alpha) counterparts and will become available in future releases of Tor. Since they're available now, what process needs to be started to evaluate them -- identify the areas for improvement -- and then bring that back to the tor project …

A thread on allowing DV issuance for next-generation hidden services was recently started by @schoen on the cabfpub mailing list . There was some discussion on validation methods, but no one seems to have argued against allowing DV issuance, so hopefully a future ballot will pass.

There hasn’t been a ballot proposed. When there is, it will be proposed by a member of the Forum and will have a ballot number. :slight_smile:

Isn’t it kinda pointless? Onion addresses already are key fingerprints. What more validation shall you need? (That is, unless you want to prove your real identity)

when you want http/2 speed upgrade as it doesn’t support handshaked on http?

For sites that use HSTS, it’s important to have their .onion address on the certificate as well, so that when users visit their site via tor, their browser doesn’t show a big, scary warning (as is currently happening with my site: priveasy6qxoehbhq5nxcxv35y6el73hpzpda7wgtnfe5qaspemtl6qd.onion). It’s…

Letsencrypt for .onion?

Issuance Policy

xmycroftx December 6, 2017, 6:37pm 14

I wasn’t aware of the thread! Looks like there’s been some progress, though I’m not sure how to tell if there’s been a ballot proposed for this yet.

Topic		Replies	Views
If/when will LE support .onion addresses? Feature Requests	96	29631	January 3, 2021
Let's Encrypt Shouldn't be expected to support onion Addresses - but it might surprise us! Site Feedback	4	419	November 3, 2024
.onion domain support Feature Requests	2	6250	July 12, 2017
When will Let's Encrypt let .onion owners encrypt? Feature Requests	20	1322	July 30, 2024
Certificate for onion v3 address Issuance Policy	12	3468	March 14, 2025

Letsencrypt for .onion?

Related topics