As announced earlier this year, Let's Encrypt now issues IP address and six-day certificates to the general public. The Certbot team here at the Electronic Frontier Foundation has been working on two improvements to support these features: the --preferred-profile flag released last year in Certbot 4.0, and the --ip-address flag, new in Certbot 5.3. With these improvements together, you can now use Certbot to get those IP address certificates!
If you want to try getting an IP address certificate using Certbot, install version 5.4 or higher (for webroot support with IP addresses), and run this command:
This will request a non-trusted certificate from the Let's Encrypt staging server. Once you've got things working the way you want, run without the --staging flag to get a publicly trusted certificate.
This requests a certificate with Let's Encrypt's "shortlived" profile, which will be good for 6 days. This is a Let's Encrypt requirement for IP address certificates.
As of right now, Certbot only supports getting IP address certificates, not yet installing them in your web server. There's work to come on that front. In the meantime, edit your webserver configuration to load the newly issued certificate from /etc/letsencrypt/live/<ip address>/fullchain.pem and /etc/letsencrypt/live/<ip address>/privkey.pem.
The command line above uses Certbot's "webroot" mode, which places a challenge response file in a location where your already-running webserver can serve it. This is nice since you don't have to temporarily take down your server.
There are two other plugins that support IP address certificates today: --manual and --standalone. The manual plugin is like webroot, except Certbot pauses while you place the challenge response file manually (or runs a user-provided hook to place the file). The standalone plugin runs a simple web server that serves a challenge response. It has the advantage of being very easy to configure, but has the disadvantage that any running webserver on port 80 has to be temporarily taken down so Certbot can listen on that port. The nginx and apache plugins don't yet support IP addresses.
You should also be sure that Certbot is set up for automatic renewal. Most installation methods for Certbot set up automatic renewal for you. However, since the webserver-specific installers don't yet support IP address certificates, you'll have to set a --deploy-hook that tells your webserver to load the most up-to-date certificates from disk. You can provide this --deploy-hook through the certbot reconfigure command using the rest of the flags above.
We hope you enjoy using IP address certificates with Let's Encrypt and Certbot, and as always if you get stuck you can ask for help in the Let's Encrypt Community Forum.
As the digital landscape undergoes profound shifts, the recently released National Cyber Strategy provides the essential foundation for enduring American leadership. By prioritizing the disruption of hostile actors, future-proofing networks, accelerating quantum readiness, and securing the AI frontier, the strategy provides the strategic clarity necessary to protect our digital way of life from sophisticated adversaries. Palo Alto Networks commends National Cyber Director Sean Cairncross for his leadership and looks forward to working with the administration to operationalize this strategy.
Each pillar of the strategy galvanizes meaningful action to advance our collective defense:
Shape Adversary Behavior (Pillar 1)
This signals a decisive shift toward the proactive disruption of malicious actors. The Trump Administration has made clear that the U.S. Government should impose real costs on adversaries to change their behavior. While the private sector is already executing discrete disruptions against malicious actors, coordination has historically been fragmented. The strategy identifies that increased collaboration with private sector entities, who possess unique insight into adversary behavior, can in turn enable more impactful deterrence.
Promote Common Sense Regulation (Pillar 2)
The strategy appropriately recognizes that complexity is the enemy of security. A focus on measurable improvements in cyber outcomes (versus check-the-box compliance exercises) collectively makes us all safer. While much attention is rightfully paid toward harmonizing incident reporting requirements, which Palo Alto Networks wholeheartedly supports, let’s not stop there. The federal government can lead by example by consolidating and streamlining federal government software compliance certifications. For example, there should be logical reciprocity between FedRAMP High and DoW IL-5 certifications.
Modernize and Secure Federal Government Networks (Pillar 3)
In addition to the necessary attention on AI-powered cyber defense, cloud security and zero trust network architecture, Palo Alto Networks applauds the discrete focus on quantum-safe security ahead of “Q-Day,” the point where quantum computing capabilities will compromise legacy public key encryption that has underpinned cybersecurity for decades. As Federal CISO Mike Duffy recently stated, "Modernization without considering PQC readiness or cryptographic agility is really creating technical debt in the future, something that we don’t want to see ever.”
To address this challenge, Palo Alto Networks provides a structured quantum-safe framework organized into four stages:
Continuous Discovery – Automating ecosystem ingestion to identify cryptographic dependencies.
Risk Assessment & Prioritization – Evaluating vulnerabilities to establish a data-driven remediation roadmap.
Comprehensive Remediation – Executing the transition to post-quantum algorithms across the architecture.
Governance & Crypto-Hygiene – Maintaining long-term visibility and management.
The bottom line is that 2035 is too late. Quantum readiness must accelerate today, and this strategy will set a critical North Star to drive the necessary urgency.
Secure Critical Infrastructure (Pillar 4)
Critical infrastructure resilience is central to our homeland security, economic security, public health and safety. Unfortunately, critical infrastructure entities are increasingly under assault from emboldened cyber adversaries.
In fact, Palo Alto Networks research shows some form of operational disruption in up to 86% of major cyber incidents. Our 2026 Global Incident Response Report underscores another sobering reality: These entities are under assault from all angles. In 87% of cyber incidents, attacks targeted multiple attack surfaces, which spanned the network, cloud, endpoints and identity.
Recognizing that you can’t secure what you can’t see, we need a national-level effort to identify, prioritize and harden the critical infrastructure that the American people depend upon. This strategy puts an important marker in the ground to revitalize those efforts.
Sustain Superiority in Critical and Emerging Technologies (Pillar 5)
Palo Alto Networks was pleased to see the strategy reinforces the core tenets of the AI Action Plan, emphasizing that "secure-by-design" principles for AI technologies are non-negotiable and that AI adoption and AI security can and must be inexorably linked.
Enterprises should be able to deploy AI confidently without fear of data leakage, model tampering or rogue AI agents. However, despite our research showing an 88% success rate of “jailbreaking” techniques against widely deployed AI models, only 6% of organizations currently have an AI security strategy. It’s time to flip this paradigm and put defenders back in the driver’s seat in this AI-first moment.
To support this emerging consensus around the importance of promoting AI security, we developed the Secure AI by Design Policy Roadmap. This framework provides a four-part construct to evaluate the evolving dimensions of threats to AI systems. Palo Alto Networks is also proud to make its comprehensive AI security suite, Prisma® AIRS, available to all federal agencies at substantial discounts through GSA’s OneGov Initiative.
Build Talent and Capacity (Pillar 6)
Recognizing America’s cyber workforce as a “strategic asset,” the strategy calls for a pragmatic and accessible pipeline for developing talent. The explicit recognition that we should take advantage of existing avenues across government, industry and academia is important. For example, Palo Alto Networks is proud of the impact of its Cybersecurity Academy – that provides free, NIST Framework-aligned curricula covering essential domains, such as cybersecurity fundamentals, enterprise and network security, cloud security, security operations and the AI/cybersecurity nexus.
Resources like this, and those for other entities, can form the basis of a renewed focus on cyber talent development.
Turning Strategic Vision Into Action
Palo Alto Networks views itself as more than a cybersecurity vendor. We see ourselves as an integrated national security partner of the federal government at a moment when defending our digital way of life demands all of us working together. To that end, we are ready to do our part to turn strategic vision into action.
This strategy should be applauded. Let’s roll up our sleeves and get to work.
See the agentic SOC come to life at Cortex® Symphony 2026, the ultimate SOC event.
Today, the Cortex® platform takes a massive step toward delivering the perfect union of human expertise and agentic AI across all of security operations. Our latest release embeds immersive, context-aware agentic AI across the platform, from code to cloud to SOC, delivering an agentic-first analyst experience for our customers.
With new Cortex AgentiX agents built to tackle more use cases and an expanded AI-ready data foundation, this release slashes response times and redefines what high-efficiency SOC operations look like.
Attack Velocity Has Fundamentally Changed
Not long ago, adversaries took days to move from initial access to impact. Today, they weaponize AI across the attack lifecycle to operate up to 4x faster than just one year ago, executing end-to-end attacks in as little as 72 minutes, according to Unit 42® research.
These attacks are making manual response obsolete. Teams need the next generation of AI technology that can analyze, decide and act in real time. Our latest innovations, fueled by unified, high-fidelity data, help give defenders the edge they need to outmaneuver modern attacks.
An AI-Ready Data Foundation for the Agentic SOC
Agentic AI depends on data that is fast, flexible and built for scale. Cortex Extended Data Lake (XDL) provides that data foundation for Cortex XSIAM and the broader Cortex platform, serving as a single source of truth for security operations. Built for AI and analytics, it ingests more than 15 PB of telemetry daily across 1,100+ integrations, and is designed to provide the comprehensive data required for effective detection, investigation, and response.
With the introduction of Cortex XDL 2.0, we are revolutionizing how organizations store, access and manage data, enabling new levels of flexibility and control.
New capabilities added with the Cortex XDL 2.0 release:
Cost-efficient data lake tier that can lower SOC costs with flexible long-term retention for compliance, forensics and investigations.
Federated search to query distributed data sources without incurring additional ingestion or storage costs.
Native Chronosphere Telemetry Pipeline integration to filter and route telemetry at the source
AI-driven parsing that automatically builds production-ready parsers from sample logs using generative AI, removing hours of manual effort and accelerating time to value.
Together, these capabilities power AI agents with critical security signals and give security teams the data they need, when and where they need it, while controlling costs.
Redefining How Analysts Work in the SOC
Cortex introduces an agentic-first analyst experience that embeds advanced AI directly into the analyst’s daily workflow. Designed to reduce investigation time, the elevated experience brings together automatically generated case summaries, visualized issue relationships, and a centralized Resolution Center within a unified case management workspace.
AI now spans the Cortex console, allowing context-aware agents to work in real time alongside analysts. Using the Cortex Agentic Assistant, teams can call on agents to plan and execute investigation workflows directly within their cases.
This release also doubles the number of AI agents who are purpose-built for SecOps and Cloud Security. Here are three of the newest additions.
The Case Investigation agent delivers context-aware assistance that analyzes case artifacts and complex signals to accelerate triage. It recommends next steps, highlights critical evidence, builds AI case summaries, and takes action with analyst oversight.
The Cloud Posture agent helps teams uncover, triage and resolve misconfigurations and posture risks across cloud environments. It streamlines analyst workflows by proactively prioritizing risk, enriching exposures and applying approved fixes.
The Automation Engineer agent tackles one of automation’s biggest pain points: Building and maintaining complex workflows. With simple natural language prompts, teams can generate working code and scripts for agents or playbooks.
The new Case Management Workspace provides full investigative context to streamline case analysis.
Our new agentic playbooks bring AI directly into automation workflows, embedding AI tasks that adapt in real time to help teams resolve incidents faster. They automate complex operations, analyze inputs with large language models (LLMs), and produce context-specific outputs.
Matt Bunch, Global CISO, Tyson Foods:
At Tyson Foods, protecting a complex global supply chain in an era of AI-driven threats requires us to move with the same machine speed as our adversaries. By consolidating onto the Palo Alto Networks Cortex platform, we’ve effectively closed the gap between detection and response. The impact has been transformative as we’ve increased our log visibility by 40% while reducing median time to respond by 50%. The agentic capabilities in the platform have allowed our teams to move from manual triage to high-level strategic defense, ensuring our global operations remain resilient and secure.
The Cortex Agentix Platform Has Arrived
The standalone Cortex Agentix platform brings the power of AI to everyone, delivering advanced orchestration and automation for the modern SOC. For Cortex XSOAR® customers, this marks the natural evolution of our market-leading SOAR platform, now enhanced with agentic intelligence to unlock meaningful productivity gains.
With more than 1,300 playbooks, 1,100 integrations, and built-in MCP support, Cortex Agentix combines over a decade of SOAR leadership with powerful AI capabilities to help security teams operate with greater speed, coordination and efficiency across the SOC.
Securing the Agentic Endpoint
As users increasingly run AI-powered code packages, browser extensions, plugins and more, they are opening the door to a new class of AI-driven threats at the endpoint. That is why we announced our intent to acquire Koi to help secure the emerging agentic endpoint. Once completed, the acquisition will strengthen our visibility and protection at the endpoint, extending our ironclad protection from the SOC to where AI code actually runs.
See the Agentic SOC Take Center Stage at Cortex Symphony 2026
To experience these innovations firsthand, join Lee Klarich, Chief Product and Technology Officer, and Gonen Fink, EVP of Products, alongside other industry leaders at Cortex Symphony 2026, the ultimate SOC event.
This blog contains forward-looking statements that involve risks, uncertainties and assumptions, including, without limitation, statements regarding the benefits, impact, or performance or potential benefits, impact or performance of our products and technologies or future products and technologies. Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other press releases or public statements are not currently available (or are not yet generally available to customers) and may not be delivered when expected or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available.
Palo Alto Networks, ServiceNow, and Bell Canada have come together in a strategic collaboration to build an innovative ServiceNow application that creates an automated bridge between world-class security operations and industry-leading service management.
Large enterprises need robust security at cloud speed, but operational complexity keeps getting in the way. Here’s what that looks like in practice:
Operations teams juggle multiple dashboards. When an issue surfaces, they are bouncing between the Prisma® SASE (secure access service edge) console to identify the incident, ServiceNow to log the case, and a customer support portal to escalate the issue. Every handoff inflates MTTR (mean time to resolution) and introduces room for error.
Customers are stuck in a deployment purgatory. Manual infrastructure configuration, connector setup, and mobile user onboarding can stretch on for weeks or months. Every day spent wrestling with configuration files is a day that value isn’t delivered.
Multi-tenant management doesn’t scale. If operational overhead grows linearly with each new tenant, the business model ultimately caps itself.
Bell Canada, through its innovative and security-first approach in the Canadian market, is a lighthouse partner that helped pioneer this innovation through its deep engagement with ServiceNow and a strategic partnership with Palo Alto Networks. With a strong focus on delivering exceptional customer value, Bell helped drive the vision for a simplified, scalable approach to SASE management.
Driven by their commitment to service excellence and customer outcomes, Bell worked closely with Palo Alto Networks and ServiceNow on this solution, accelerating customer time to value and simplifying operational complexity. Bell was among the first to champion this vision, acting as a market thought leader and helping shape a new standard for integrated SASE and service management outcomes in Canada.
Large Enterprises and Managed Service Providers can accelerate time to value by automating the entire lifecycle of Prisma SASE, from deployment to ongoing incident response through a newly launched Prisma SASE app on the ServiceNow store. The Prisma SASE app can accelerate MSP service delivery and management, significantly shrinking time to value and thereby positively impacting both top-line revenue and bottom-line EBITDA.
The Prisma SASE Platform Is Accelerating Value through Unified Automation and Platformization
Time to value (TTV) is one of the most critical metrics for IT teams helping customers move forward. With the Prisma SASE app, customers can go from implementation to go-live in just hours. There’s no need to build custom API integrations or take on technical debt for Day 0 to Day N operations. The app automates infrastructure setup, including ZTNA connectors and mobile user workflows, so providers can get their SASE offerings to market faster.
Optimizing Service Delivery through Unified Incident Lifecycle Management.
The joint solution eliminates swivel chair operations. Security and network administrators no longer need to toggle between the Prisma SASE console, ServiceNow and support portals. Incident ingestion and management now happen in one place. Incidents stay in sync, manual overhead drops, and mean time to resolution improves. For MSPs, there’s the added benefit: they can create Palo Alto Networks CSP (Customer Support Portal) tickets directly from the ServiceNow SASE app, making incident correlation and troubleshooting straightforward.
Drive Scalable Growth by Automating Cross-Instance Support with Service Exchange
ServiceNow’s Service Bridge is a major unlock for Managed Service Providers scaling their SASE offerings. It automates cross-instance support so critical security incidents and status updates flow between the MSP’s ServiceNow instance and the customer’s ServiceNow instance without manual sync work. This creates operational transparency and a better service experience for customers while MSPs can deliver faster without adding headcount or complexity.
Key Takeaways:
Rapid Time to Value: Shift from months of manual configuration to hours of automated deployment by leveraging out-of-the-box integrations that eliminate custom R&D and technical debt.
Unified Operational Excellence: Eliminate "swivel chair" management by unifying incident ingestion, ticket syncing and support portal escalation into a single ServiceNow interface, significantly reducing MTTR.
SASE at Scale: The Prisma SASE app provides a unified architecture that scales across tenants automatically, ensuring security keeps pace with business growth.
Take the Next Step
As you adopt SASE, take out the complexity of implementation with the Prisma SASE app.
Download the App: Visit the ServiceNow Store today and download the Prisma SASE app to start automating your deployment.
Meet Us at MWC: Are you heading to Barcelona forMobile World Congress (MWC)? Come see these integrations in action. Stop by the Palo Alto Networks booth (Hall 4, Stand D55) for a live demo and to chat with our experts about simplifying your SASE implementation.
Contact our sales team for any additional questions.