Establish direct IP connections in spite of the web PKI.
The latest certificate for *.faketls.com is faketls-2026, expiring on March 7, 2027. A new one will be provided in early 2027. For automatic updates, you can check latest.json.
The DNS server can resolve every IPv4 and IPv6 address. Simply replace . with - and : with _. Examples:
1.2.3.4 = 1-2-3-4.faketls.com1337::cafe:babe = 1337__cafe_babe.faketls.comIt is deployed on an anycast address with 4 PoPs (Las Vegas, Miami, New York, & Switzerland) to reduce global latency.
Obviously, TLS with *.faketls.com offers no confidentiality and weak integrity guarantees due to the certificate being public here.
If these are guarantees you need from TLS, you can use iptls.com which uses the same DNS logic but has no corresponding wildcard certificate.
Instead, you have to obtain your own cert, e.g. using Certbot: certbot certonly --non-interactive --agree-tos --standalone -d $(curl http://my.iptls.com)
A service by Calamity, Inc. · Status Page