Establish direct IP connections in spite of the web PKI.
The latest certificate for *.faketls.com is faketls-2025-2, expiring on March 7, 2026. A new one will be provided in early 2026. For automatic updates, you can check latest.json.
Please note that the faketls-2025 certificate was revoked on October 31 due to "private key compromise". Thank you AI security scanners. The replacement is faketls-2025-2 with the same validity period.
The DNS server can resolve every IPv4 and IPv6 address. Simply replace . with - and : with _. Examples:
1.2.3.4 = 1-2-3-4.faketls.com1337::cafe:babe = 1337__cafe_babe.faketls.comIt is deployed on an anycast address with 4 PoPs (Las Vegas, Miami, New York, & Switzerland) to reduce global latency.
Obviously, TLS with *.faketls.com offers no confidentiality and weak integrity guarantees due to the certificate being public here.
If these are guarantees you need from TLS, you can use iptls.com which uses the same DNS logic but has no corresponding wildcard certificate.
Instead, you have to obtain your own cert, e.g. using Certbot: certbot certonly --non-interactive --agree-tos --standalone -d $(curl http://my.iptls.com).
A service by Calamity, Inc. · Status Page