1.2 Document name and identification

This is the ISRG Certificate Policy. This document was approved for publication by the ISRG Policy Management Authority, and is made available at https://letsencrypt.org/repository/.

The following revisions have been made:

DateChangesVersion
May 5, 2015Original1.0
September 9, 2015Added DV SSL OID, added/corrected a number of policy URIs, clarifications to Procedure for Revocation Request, substantial changes to all of Section 9 regarding legal matters, other minor fixes/improvements1.1
May 5, 2016Add info about tlsFeature extension, serialNumber in Subject Distinguished Name field.1.2
April 13, 2017Simplify Section 1.2, “Document Name and Identification. Simplify Section 3.2.2.2, “Performance of Electronic Identification.” Validation methods in use are detailed in CPS. Update CPS section numbers for CRL and OCSP profiles. Remove Section 10, “Certificate Profiles.” Profiles are now in our CPS.1.3
May 22, 2017Complete rewrite.2.0
February 6, 2018Update text of Section 6.1.7 to match Baseline Requirements v1.5.1.2.1
September 20, 2018Define Certificate Problem Report in Section 1.6.1. Update Section 3.2.2.4 “Validation of Domain Authorization or Control” to match latest BRs but omit methods we do not use. Add additional revocation reason to Section 4.9.1.1 for compliance with upcoming BR revision. Minor updates to Sections 4.9.3 and 4.9.5.2.2
July 3, 2019Remove IP address validation information which is not applicable. Update sections 4.9.1.1, 4.9.1.2, and 4.9.5 to match current BRs. Other minor updates (e.g. capitalization).2.3
January 21, 2020Make structure more exactly match RFC 3647 recommendation. Audit use of phrase No Stipulation and eliminate blank sections. Add policy information for IP address validation.2.4
October 27, 2020List ISRG Root X2 in section 1.1. Update sections 3.2.2.4, 3.2.2.5, 3.2.2.6, 3.2.2.8, 4.2.1, 4.9.10, 7.1.2, and 7.1.3 regarding validation methods, OCSP, certificate profiles, and cryptographic algorithms, to match Baseline Requirements.2.5