Let's Encrypt Terms of Service

Read our summary of Let's Encrypt's Terms of Service.


  • Agreement becomes effective once you request a Let's Encrypt Certificate from ISRG.
  • You must have authority to bind the entity you represent to this Agreement.
  • You are responsible for the accuracy and security of the domain name associated with your certificate.
  • You must keep the Private Key corresponding to your Public Key secure and confidential.
  • You are obligated to request revocation of your certificate if you no longer control the domain or if any warranty is no longer true.
  • ISRG may refuse your certificate request at their sole discretion without stating a reason.
  • Your Key Pair must be generated on your own systems, and ISRG will not have access to your Private Key.
  • You must inspect your certificate immediately upon receipt and request revocation if there are any issues.
  • Certificates can only be installed on servers accessible at the domain names listed in the certificate.
  • Certificates cannot be used for high-risk activities where failure could cause harm or damage.
  • You must cease using your certificate if it contains inaccuracies or has expired.
  • You must indemnify ISRG against claims arising from your misrepresentation, agreement violation, or misuse of your certificate.
  • ISRG may publish information you provide and your certificates, as they become public record.
  • ISRG can revoke your certificate immediately if it is deemed invalid or compromised.
  • ISRG disclaims all warranties and will not be liable for any damages related to the certificates.
  • The laws of the State of California govern this Agreement.
  • Any claims against ISRG must be brought in San Jose, California and commenced within one year.
  • ISRG may modify this Agreement and will post changes online 14 days before they become effective.

Things to watch out for

  • ISRG can revoke your certificate without prior notice if they determine it's necessary.
  • You are responsible for any legal consequences resulting from the use of your certificate.
  • ISRG is not liable for any damages or losses you may incur in connection with the certificate.
  • You must indemnify ISRG for any costs arising from your actions related to the certificate.

AI recommendations

Before requesting a Let's Encrypt Certificate, ensure you have the authority to bind your entity to this Agreement and that you can fulfill all the responsibilities, especially regarding domain control and Private Key security. Be prepared to act immediately if there's a need to revoke your certificate, and understand that ISRG has broad discretion to revoke certificates without notice. Given the lack of warranties and the limitation of liability, consider the risks associated with using Let's Encrypt Certificates, especially for critical systems or sensitive communications.


What happens if I lose control over the domain name associated with my Let's Encrypt Certificate?

You must immediately request that ISRG revoke the affected certificates, and you may request replacement certificates if the warranties are still true for the replacements.

Is there any warranty or liability on the part of ISRG for the certificates they issue?

No, ISRG disclaims all warranties and will not be liable for any damages related to the use of the certificates.

Can ISRG change the terms of this Subscriber Agreement?

Yes, ISRG may modify the Agreement and will post the new version online at least 14 days before it becomes effective. Major changes will be flagged with a new version number in the ACME protocol.

(Last updated: 06th January, 2024)

Original document

Like what you see?

Install our Chrome Extension to see summaries for any site, on the go.