When will Let's Encrypt let .onion owners encrypt?

Hi @tortxoFFoxtrot -- I'll second what others have already said: there are multiple methods for validating .onion names outlined in the Baseline Requirements, and the draft-ietf-acme-onion document further specifies the details of such. Let's Encrypt could implement support for these methods.

However, all such engineering projects have to be weighed against our other priorities. Right now, we're spending our engineering effort on improving our internal infrastructure for more robust deploys and more efficient database usage, working towards offering short-lived and IP address certificates, completely overhauling how our rate limits work, and encouraging adoption of ARI.

Implementing domain control validation (and even more so, implementing CAA checking) for .onion domain names is not something "we can do today easy". It would require significant design, implementation, test, and compliance work. And although I appreciate that it is high priority for you, it is not high priority for the majority of our subscribers and for ourselves. I'm sorry that we haven't provided this feature for you yet, and have no plans to get to it in the near future.

10 Likes