Let’s Encrypt, a non-profit certificate authority that provides free certificates to everyone, has revised its user agreement to define the rights and obligations of certificate recipients. The updated agreement now includes a clause that prohibits issuing certificates to individuals and organizations based in countries or territories subject to comprehensive US sanctions.
The prohibition extends to individuals and entities under personal sanctions and US export control restrictions, as well as entities controlled by sanctioned persons or acting on their behalf. Let’s Encrypt, based in the United States, is obligated to adhere to US export control regulations and sanctions.
It remains unclear whether this change merely formalizes existing practices or will lead to further measures to block requests from certain regions affected by sanctions. Let’s Encrypt has previously implemented targeted blocking to prevent certificate issuance for domains listed on the OFAC sanctions list.
The specific countries subject to these restrictions are yet to be clarified; examples of nations facing full-scale US sanctions include Crimea, DPR, LPR, Iran, North Korea, and Cuba. While strict measures have been imposed on Russia, a complete embargo has not been enforced. Currently, Let’s Encrypt continues to accept certificate requests from Russia without restrictions.
