Update on arpa domains

snek · August 26, 2025, 7:10am

There have been some updates on the linked CA/B ballot in Will six day certificates allow rdns zones?, so I wanted to update the topic but it was autolocked...

tl;dr

[...] we will not move forward with this ballot as-is, as there is value in allowing issuance for DoH/DoT nameservers under .arpa and do not want to hamper those efforts. Our current thinking is that ballot will be scaled down to prohibiting wildcards under .arpa, but we can certainly discuss.

It seems that individuals within the CA/B community acknowledge valid use cases for issuing for arpa domains.

Would LE be open to reconsidering the arpa policy at some point, based on this? It seems like it could be a nice additional feature for six-day certs after IP issuance is rolled out.

aarongable · August 26, 2025, 9:29pm

We're following the CA/BF discussion closely. I think it is likely that, once stricter rules are put in place, we will relax our own restrictions to match them. But don't take that as a promise

system · September 25, 2025, 9:30pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Will six day certificates allow rdns zones? Issuance Policy	8	274	May 27, 2025
Exemption for rDNS (ip6.arpa) domain Issuance Policy	8	2604	October 7, 2017
DNS Challenge vs HTTP Help	22	3762	January 5, 2023
Policy forbids issuing for name Issuance Policy	3	1891	January 28, 2017
Wildcard Certificates Coming January 2018 Issuance Policy	67	18859	October 13, 2017

Update on arpa domains

Related topics