Russia Certs and Sectoral Sanctions

I am looking new cert XXXX.ru and www.XXXX.ru for our organiztion. In current global crisis where many CAs not issuing cert for russia .

Is let's encrypt is issuing the new certs , renewal or any modification .if yes what is the process to get it.

The only domains that are blocked for "political" reasons are those owned by entities on the US's "SDN List" (I think only because it may be illegal for Let's Encrypt to do so). Certainly many entities in Russia are on that list, but any entity that isn't on it can request a certificate for their domain, even if their domain ends in .ru.

8 Likes

So, put differently--if your organization isn't on the SDN list, you can get a cert for it, whether it's a .ru domain or not. The process is the same as for any other cert from Let's Encrypt. Start here:

8 Likes

Thanks Peter / Dan,
As you mentioned i go through with https://www.treasury.gov/ofac/downloads/sdnlist.pdf and not found name for my company so it should be good to get the certs.

so does it will apply for other CA too like sectigo or digicert or its depends. Also from lets encrypt how much time it takes to get the cert.

1 Like

All US based companies have to abide by that sanction.
But each CA can also have its' own additional independent restrictions.

7 Likes

seconds

5 Likes

And I imagine companies that want to get paid for certificates may have additional restrictions, since getting money in and out of Russia is… complicated now, to my understanding. But yes, CAs aren't obligated to issue to anyone they don't want to (though occasionally people have discussed changing that), and it wouldn't surprise me if a CA chose not to issue to .ru because they just didn't want to deal with doing so.

Yeah, it'd probably have been quicker to just try to get a cert and see whether you got a "blocked by policy" message. :slight_smile:
Though I don't know how they manage to map organizations to domain names, or how automated the process is, so I guess it's possible that your request might initially succeed and then if someone noticed you were on the list it'd get revoked and blocked. (And of course, if you annoy the US government, I suppose they could add you to the list at any time.)

7 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.