In the world of web development and server management, we’ve lived by a strict rule for over a decade: if you want a secure connection, you need a domain name.
If you wanted that green padlock (HTTPS) for a client’s staging site or a custom internal app, you couldn’t properly test secure browser features from a raw IP address. Unless you wired up a domain—or accepted those constant “Not Secure” warnings from self-signed certificates.
That era just ended.
As of January 15, 2026, Let’s Encrypt officially launched IP Address Certificates, and it quietly removes one of the most annoying friction points in modern development.
The Problem: The Setup Barrier
Early in my career, setting up a new VPS always followed the same pattern. The server was ready. The code was live. You had the IP.
But testing real-world features—secure cookies, geolocation, clipboard access—was blocked behind HTTPS.
You either bought a cheap throwaway domain just to move forward, or you trained yourself (and your clients) to ignore browser security warnings. For temporary environments, staging servers, and internal tools, this was an accepted but unnecessary hassle.
The Solution: Secure by IP
Now, Let’s Encrypt allows trusted TLS certificates to be issued directly to IPv4 and IPv6 addresses. No domain required.
There’s one important constraint: these certificates last only six days (160 hours).
At first, that sounds inconvenient. In reality, it’s intentional—and smart.
IP addresses change hands far more often than domain names. By keeping certificates short-lived, Let’s Encrypt reduces the risk of an old certificate remaining valid after an IP is reassigned. If something goes wrong, the blast radius is small and temporary.
Security stays fresh by default.
Why This Matters for You
Whether you’re a developer or a business owner, this change matters for three practical reasons:
Instant Staging — You can secure a project the moment a server comes online—before DNS is finalized or a domain is even chosen. Your staging environment is production-grade secure from day one.
No More Throwaway Domains — Temporary tools, internal dashboards, and short-lived projects no longer need a paid domain just to enable HTTPS. That’s real money saved and unnecessary complexity eliminated.
Better Automation Habits — Six-day certificates force automation. Tools like Certbot with the shortlived profile handle renewals cleanly, pushing us further toward hands-off, repeatable security that actually works without manual intervention.
What’s Next?
This move fits into a larger shift. Let’s Encrypt plans to reduce standard certificate lifetimes from 90 days to 45 days over time.
Shorter lifetimes mean fewer long-term risks, faster recovery from mistakes, and less reliance on manual processes. This isn’t about inconvenience—it’s about modernizing trust on the web.
The Verdict
For years, those red “Not Secure” warnings were just part of working directly with IP addresses.
Now, that limitation is gone.
Whether you’re spinning up a quick staging server, testing a private app, or building infrastructure at scale, encryption no longer depends on naming things first.
The web just became more flexible—and more secure.
And now, you don’t even need a domain to earn the lock.
Ready to get started? You’ll need an ACME client like Certbot that supports IP certificates. Check out Let’s Encrypt’s official announcement for setup details.
