Short-lived certificates

dion · November 27, 2025, 6:13pm

I’m trying to request certificates that include a DNS name as well as IPv4 and IPv6 addresses as SANs. From what I understand, this is only possible when using the short-lived certificate profile.

When I use the staging ACME endpoint, everything works as expected — the certificates are issued and saved without problems. But when I switch to the production ACME endpoint, I receive an error stating that my account isn’t authorized to issue short-lived certificates.

According to the Let’s Encrypt documentation, short-lived certificates require being on an allowlist. How can I request access to this profile, and what’s the process to be added to the allowlist?

met24 · November 27, 2025, 6:19pm

Hi @dion! Post your LE production account URL on the thread at When will Let's Encrypt's IP certificates be officially launched? along with your planned use case and they should add it. May take a few days.

Topic		Replies	Views
Authorizations not found or expired (bash client) Issuance Tech	4	3064	June 23, 2016
Short certificate period - no useable on multi server scenario Help	53	11037	April 5, 2017
Obtain fake certificate in "staging" mode without authorization Server	11	6540	August 4, 2016
Unauthorized because certificate had names "sd-125872.dedibox.fr" Server	11	2610	November 7, 2017
AssertionError: Authorizations list is empty Server	3	2190	February 1, 2016

Short-lived certificates

Related topics