
Let's Encrypt bans certificate usage in any US sanctioned territory [pdf]

424 points, by piskov, last Monday at 10:32 PM, 352 comments

Comments

CobrastanJorji, yesterday at 6:15 PM

Let's Encrypt’s mission is to create a more secure and privacy-respecting web, except for people residing in countries with the most need for a more secure and privacy-respecting web. Sure, that's great.

That said, pretty sure this stems from the insane US legal requirement to not export SSL technology to enemy countries. I'm sure some of y'all are old enough to remember when web browsers came in "international friendly" versions that supported 40 bit encryption, or "fancy secure" versions with 128 bit encryption.

idoubtit, yesterday at 6:26 AM

Couldn't LE have a branch in Europe or anywhere outside the USA and its minions?

Because they're betraying their own goals, as stated in their About page: “It is a service run for the public’s benefit. [...] Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost. [...] Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.” Now they own they are under the control of a political organization.

Here is the paragraph Let's Encrypt added to their Subscription Agreement on 2026-06-04:

> You are not a person or entity that is:

> (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions;

> (b) a prohibited or restricted party under U.S. or other applicable sanctions and export control laws and regulations;

> or (c) owned or controlled by or acting on behalf of anyone described in (a) or (b).

> You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations.

Insimwytim, yesterday at 5:24 PM

Iran is blocking internet for months, US ...bans creation of secure connections - that'll show 'em!

Russian quasi-government structures are spending quadrillions of rubles on a TSPU (censorship system) to spy on Russian residents, US ...helps them by making snooping on what is currently encrypted traffic possible by banning accessible encryption!

axiologist, yesterday at 10:55 AM

This somehow confirms my gut feeling that digital certificates are mainly a means to enforce exclusion on behalf of the certificate authority ownership. It is a tool to prevent people from taking full ownership and control of whatever is affected by digital certificates, be it software, firmware, hardware, or as in this case SSL/TLS. That's digital tyranny in disguise.

Igrom, yesterday at 8:21 AM

It seems that, as soon as you transact with a sanctioned entity, you are globally in breach of the agreement and risking the revocation of all your certificates — also the ones for non-sanctioned countries.

Front matter:

- it is called a "Subscriber Agreement" and not anything that suggests that its scope is a single certificate
- it's a "contract [...] regarding Your [...] rights and duties relating to [...] Certificates" - plural

2.1 "Term":

- "[the agreement] will remain in force during the entire period during which *any* of Your Certificates are valid" - plural

3.1 "Warranties":

- "[by] requesting, accepting, or using *a* Let’s Encrypt Certificate" - plural
VortexLain, yesterday at 6:51 PM

Now this is very bad, as bad as it can get. As soon as all local services stop working in sanctioned countries, those countries' governments will force all users to either install a root certificate or lose access to all local services and websites. And then it will be possible to use that root certificate for MITM attacks. In the worst case scenario, after the majority of users install the root certificate, state DPIs will MITM all traffic and block all un-MITMable traffic.

m2f2, yesterday at 5:25 AM

Is this a canary?

What's gonna happen if I were to begin or continue using one letsencrypt certificate from ... Greenland? Cuba? The EU?

Has letsencrypt been served with a subpoena?

rerdavies, yesterday at 9:01 PM

Is this actually new? Looks like a standard US export restriction for encryption technology to me. These sorts of restrictions have been around since the '90s.

Let's Encrypt becomes subject to US export restrictions on cryptography if they are a US company, or if they post anything to github or post anything to major app stores. Every app I have ever posted to Google Play has had to submit a form to the US government declaring what use they make of cryptography.

These restrictions have been in force since the late 1950s (with a long and complicated history with respect to computer cryptography). This particular text looks like a boilerplate restriction that's required to comply with US EAR export requirements, to me.

cyounkins, yesterday at 8:49 PM

Gotta love the word 'sanction'. It is its own antonym! "The committee sanctioned the new policy." (approved it) "The committee sanctioned the rogue nation." (penalized it)

wnevets, yesterday at 5:38 PM

Maybe consolidating ~60% of the web's certificates on to a single provider was a mistake.

mrweasel, yesterday at 7:09 PM

This should be one of those things that should be a quick EU win. Running Let's Encrypt is $3-4mill a year, the EU probably uses that on pencils.

The EU could easily bootstrap a Let's Encrypt competitor if it truly cared about removing dependencies on US based entities.

piskov, last Monday at 10:36 PM

> You are not a person or entity that is: (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions; (b) a prohibited or restricted party under U.S. or other applicable sanctions and export control laws and regulations; or (c) owned or controlled by or acting on behalf of anyone described in (a) or (b). You agree to use Let’s Encrypt Certificates and any services provided by or on behalf of ISRG in compliance with applicable U.S. export control and sanctions laws and regulations

karteum, yesterday at 11:30 AM

Can anyone explain to me what went wrong with http://www.cacert.org/ and why they are not supported by any major browser?

theamk, last Monday at 11:18 PM

Makes sense, they are a US company. I am surprised it took them that long.

rswail, today at 6:34 AM

For all the people commenting, the ITAR rules still apply for TLS, if you want to use TLS in an app for iOS/Android, one of the requirements is to get an ITAR exemption as part of the app review [1].

The US sanctions are imposed on entire nations (eg Iran), so LetsEncrypt have no option but to state in their conditions that their service is not available. They don't have a choice as a US organization operating under US law.

Whether they choose to enforce that through technical means (eg blocking IPs etc) is up to them.

[1] https://developer.apple.com/documentation/security/complying...

RyeCombinator, yesterday at 5:42 AM

Actalis https://actalis.com/ is a good EU alternative.

morpheuskafka, today at 6:21 AM

I had been meaning to post somewhere that they issued a certificate to kza.org.kp a few months ago but didn't really seem worthy of its own thread.

I am no lawyer, but while there do appear to be some exemptions for communication related services, it's not clear that this qualifies as LE isn't actually providing telecommunications, just a certificate file. And it's not even an issue of the encryption itself, North Korea is under a general embargo so any exports or trade whatsoever is restricted by default.

As an aside, many of North Korea's web servers appear to be old enough to have Heartbleed based on their banner versions, but most don't actually have HTTPS in the first place.

boomlinde, today at 12:01 PM

What other CAs implement ACME? Are there any free alternatives outside the US?

42droids, yesterday at 4:51 AM

Has anyone got any experience with Zero SSL? https://zerossl.com/ It seems like a good EU alternative.

jldugger, yesterday at 10:51 PM

Took me a minute to parse the headline -- sanctioned as in "imposed penalty" (i.e. "sanctions"), not as in dictionary definition #2 "official permission or approval".

Perhaps because "US territories" are a thing, perhaps because it's way more newsworthy if LE bans the US, or perhaps I'm just a dummy.

guhcampos, yesterday at 11:55 PM

The title was a bit misleading.

When I read it, I interpreted it as "let's encrypt bans certificate usage in - any territories endorsed by the US". Took me reading a couple comments to understand it actually meant "territories under US sanctions".

DoctorOetker, yesterday at 6:09 AM

> active eavesdropping (e.g., monster-in-the-middle attacks)

is this standard MitM, or is it some crucially distinct variation?

niemandhier, yesterday at 6:51 PM

It's their right to do that.

But can we still trust them?

I am not well versed in how their system-wide certificate issuance works: if they have to add this to their terms to comply with their government, could the same government use pressure to leverage Let's Encrypt to do harm?

ComputerGuru, yesterday at 5:31 PM

This is bullshit on par with the Chinese firewall, meant to effectively prevent the (entire!) western world from information by parties deemed persona non-grata. SSL certificates are supposed to be about security, not geopolitics.

I'm pretty sure a LE server hitting an Iranian or North Korean endpoint and validating a crypto challenge does not break any OFAC or EAR rules, and no money changes hands. And if a non-US entity wants to do it, the US would just sanction them. Microsoft and Mozilla are certainly not going to include a North Korean or Russian state CA in the root trusted certs (and if they did, the US government could just threaten them with sanctions, too).

Hard not to say "we warned you" about making self-signed certs completely unusable in favor of a very centralized approach.

Panzerschrek, yesterday at 6:24 AM

Does it mean that Russian/Iranian websites using letsencrypt stop working and need to change their certificate provider?

trumpdong, today at 12:53 AM

We all knew something like this was coming when we decided to centralise the web around Let's Encrypt.

In reality of course you can probably just ignore this as long as you request the certificate from a proxy in a non-sanctioned country and you don't stick out to the government.

joemi, yesterday at 7:47 PM

Is Let's Encrypt the only provider of SSL certificates?

Genuine question! Because I assumed there were other places you could get a SSL certificate, but people in this thread seem to be implying that without Let's Encrypt, there's no way for people in those sanctioned territories to get a cert.

someguyornotidk, today at 7:37 AM

A lot of the pushback browser vendors got for locking APIs behind so-called "secure contexts" was because everyone (including them) knew this would happen. If there is a centralized system, some politician will manage to find a way to fuck with it.

Iran and other tyrannical governments can easily set up their own CAs and force their citizens to use them. Iran likely already has this infra in place. This ban does nothing but highlights LE as the liability it is. The decades-old certificate authority scheme is no longer fit for purpose and needs to go.

If you're a web developer, consider offering your site through public key-addressable networks. Reticulum and Tor are good options that work today.

ale42, yesterday at 9:28 PM

Time for a non-US equivalent of Let's Encrypt?

nikolay, yesterday at 6:30 PM

Yeah, let everybody build and use their own services, and then the US will end up having less control and visibility. Great tactics!

ebiederm, yesterday at 10:23 PM

Weird. The copy I read says they have just deleted that section of their user agreement.

Dibby053, today at 5:21 AM

All they can do is disable support for certain ccTLDs, but other than that, it's unenforceable.

That's why many tech companies echo these laws overtly and with a lot of fanfare... They know they have no real control over who uses their services, so this is a way to signal their good faith and best effort in advance, in case they end up caught up in some foreign cyberbullshit.

pxeger1, yesterday at 7:43 AM

How are they going to enforce this?

mrsssnake, today at 7:34 AM

Why, when connecting to a TLS website or service that does not have a CA-signed certificate, am I welcomed with "Secure connection failed, browser not trusting the certificate. Do you want to continue?" without being shown the actual certificate fingerprint?

On desktop browsers, displaying the fingerprint/hash requires clicks; on mobile it is not implemented, and in native apps it is practically nonexistent.

The keys should be shown, so they could be verified manually in person or via another channel. Just like SSH does. Some say people would just click "accept" without a thought, but the button is already here, just with no information about what is actually being accepted.
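
A minimal SSH-style trust-on-first-use check for the case this comment describes, added here as an example (not code from the thread, from Let's Encrypt, or from any browser): it records the SHA-256 fingerprint of a server's leaf certificate on first contact and flags any later change, so the fingerprint can be compared in person or over another channel instead of being hidden behind an "accept" button. The store path, its JSON layout and the `fetch_leaf_der` helper are assumptions of this example.

```python
import hashlib
import json
import os
import ssl
import sys

# Hypothetical pin store for this example (a JSON map of "host:port" to
# fingerprint), playing the role of ~/.ssh/known_hosts.
STORE_PATH = os.environ.get("TOFU_STORE", "known_certs.json")

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER bytes, colon-separated like `openssl x509 -fingerprint`."""
    hexdigest = hashlib.sha256(der_cert).hexdigest().upper()
    return "sha256:" + ":".join(hexdigest[i:i + 2] for i in range(0, 64, 2))

def load_store(path: str = STORE_PATH) -> dict:
    if not os.path.exists(path):
        return {}
    with open(path) as fh:
        return json.load(fh)

def save_store(store: dict, path: str = STORE_PATH) -> None:
    with open(path, "w") as fh:
        json.dump(store, fh, indent=2, sort_keys=True)

def check_tofu(host: str, port: int, der_cert: bytes, store: dict) -> str:
    """Trust-on-first-use verdict: 'new' (pin recorded now), 'match', or
    'MISMATCH' (certificate changed). A mismatch never overwrites the pin;
    the operator confirms the new fingerprint over another channel first."""
    key = f"{host}:{port}"
    seen = fingerprint(der_cert)
    pinned = store.get(key)
    if pinned is None:
        store[key] = seen
        return "new"
    return "match" if pinned == seen else "MISMATCH"

def fetch_leaf_der(host: str, port: int = 443) -> bytes:
    """Fetch the leaf certificate with no CA validation (the self-signed or
    untrusted-CA case the comment describes). Needs network access."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    store = load_store()
    der = fetch_leaf_der(host)
    print(check_tofu(host, 443, der, store), f"{host}:443", fingerprint(der))
    save_store(store)  # unchanged on 'match'/'MISMATCH', records a 'new' pin
```

A "MISMATCH" verdict is the moment the comment is asking for: the old and new fingerprints are both in hand and can be checked out of band before anything is trusted.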

greatgib, yesterday at 5:42 PM

To be put in perspective with their push for very short-lived certificates, like 7 days, with the argument that anyone can easily get a certificate at any time.

But in fact, little by little you have all the stacks needed to be able to isolate some entities from the internet at the US's request in a very short time.

aussieguy1234, today at 1:22 AM

Dictators love it when their citizens can't use encryption. It makes them much easier to control and monitor.

cekanoni, today at 8:08 AM

This is a big blow to the Internet society, very disappointing to read this.

markhahn, yesterday at 9:29 PM

huh? the linked document shows that bullet item as deleted.

diimdeep, yesterday at 10:50 AM

The reach is, by rough estimates, ~2.5–6 million websites globally, 2–5 million of those in Russia and 0.3–1 million in Iran.

Whatever USofA, it's not hard to have their own cosmodrome and certificates.

Tangential, in 2026 website certificates feel like nothing, disposable automation artifact, toxic max-security[1], vehicle for those who rent seek, fingerprint.

[1] https://tom7.org/httpv/httpv.pdf

phoe-krk, yesterday at 11:24 AM

And now imagine that one of the Trump tantrums contains an announcement of sanctions against the European Union.

jalospinoso, yesterday at 5:01 PM

The uninteresting version of this is “US entity follows US law.”

The interesting version is that Web PKI is not just cryptographic infrastructure. It is also a policy distribution system. A browser trust store, a CA, a subscriber agreement, revocation rules, export controls, and sanctions law all end up in the request path of "can this site speak HTTPS to normal users?"

That does not make Let’s Encrypt uniquely bad. Any CA has some jurisdiction, owners, contracts, root-program obligations, abuse process, and legal exposure. Moving the CA changes the governance surface; it does not remove governance.

But it does mean "just use Let’s Encrypt" is not a neutral answer when protocols, browsers, APIs, app stores, or regulators effectively require TLS. The operational dependency is not only ACME uptime and certificate issuance. It is also jurisdictional continuity.

The hard product question is what failure mode we want:

1. Web PKI: power concentrates in CAs, browsers, and root programs.
2. DANE/DNSSEC: power shifts toward DNS operators, registries, registrars, and governments.
3. Self-signed / TOFU / pinning: power shifts toward application-specific trust and worse UX.
4. Multiple CAs: better resilience, but still bounded by browser trust stores and legal chokepoints.

There is no apolitical trust system here. There are only different control planes with different failure modes.

The practical ask from Let’s Encrypt should be clarity: issuance vs renewal vs revocation, existing certs vs future certs, domain location vs subscriber location, hosting location vs user location, and how they interpret “use” of a certificate. Without that, operators are left guessing whether this is a narrow compliance clause or a broad infrastructure-risk event.


ezbie, yesterday at 2:38 PM

What in the actual fuck?
