[We’re generating certs for private-VPN-ed/LAN-ed machines, and I’d prefer to not have my network’s public IP address unnecessarily logged in your system and publicized later. I’d rather not “invite” attackers to our “private” network – even if the benefit of “hiding” is marginal.]
I saw your question on reddit yesterday, but as far as I know, I don’t think they have such an option.
However, my response is not official, so ping @lestaff for clarification.
Also, I think that, as of now, Let’s Encrypt doesn’t plan to publish IP info for each certificate.
@rg305 - I think you refer to something other than what I’m asking. See the details I just recently added to my (original) question post. Thanks! (@stevenzhu appears to understand my intent.)
Ok, after clicking the links you provided, I now understand your request.
But I don't quite follow this statement:
It seems to imply that by simply knowing a public IP, one can access the private IP network (somewhere behind it). If that were true, all private networks would be accessible.
Given: Everyone already knows all the publicly available IPs.
[For IPv4, it starts at IP 1.0.0.1 and ends at IP 223.255.255.254]
[with some obvious exceptions - like RFC1918]
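The public-versus-private distinction drawn above can be checked mechanically. The script below is an added example, not code from this thread or from Let’s Encrypt; it uses only the standard-library `ipaddress` module and a constructed list of sample addresses. It treats the 100.64.0.0/10 shared address space (RFC 6598, carrier-grade NAT) as its own class, because Python reports that range as neither private nor global.

```python
import ipaddress

# Constructed sample addresses covering the ranges mentioned in the thread
# (public IPv4 from 1.0.0.1 to 223.255.255.254, RFC 1918 exceptions) plus a
# few other non-public classes a practitioner runs into.
SAMPLE_ADDRESSES = [
    "1.0.0.1",          # first public unicast address named in the post
    "223.255.255.254",  # last public unicast address named in the post
    "10.0.0.5",         # RFC 1918 private
    "172.16.20.1",      # RFC 1918 private
    "192.168.1.10",     # RFC 1918 private
    "127.0.0.1",        # loopback
    "169.254.10.2",     # link-local (APIPA)
    "100.64.0.1",       # shared address space / CGNAT, RFC 6598
    "224.0.0.1",        # multicast
    "240.0.0.1",        # reserved (former class E)
    "fd12:3456::1",     # IPv6 unique local address, RFC 4193
]

# Shared address space is handled explicitly; Python's ipaddress reports it
# as neither is_private nor is_global.
SHARED_ADDRESS_SPACE = ipaddress.ip_network("100.64.0.0/10")


def classify(addr: str) -> str:
    """Return a coarse routing class for a single IPv4 or IPv6 address string.

    Order matters: the more specific special-use checks run before the
    general private/public test so that, e.g., 240.0.0.1 is reported as
    'reserved' rather than 'private'.
    """
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_multicast:
        return "multicast"
    if ip.version == 4 and ip in SHARED_ADDRESS_SPACE:
        return "shared (cgnat)"
    if ip.is_reserved:
        return "reserved"
    if ip.is_private:
        # RFC 1918 / RFC 4193 plus the IANA special-use registry
        return "private"
    if ip.is_global:
        return "public"
    return "unclassified"


def is_publicly_routable(addr: str) -> bool:
    """True only for addresses that are globally reachable on the Internet."""
    return classify(addr) == "public"


def summarize(addresses) -> dict:
    """Group a list of address strings by class; useful before deciding
    whether an address is sensitive enough to keep out of third-party logs."""
    groups: dict = {}
    for addr in addresses:
        groups.setdefault(classify(addr), []).append(addr)
    return groups


if __name__ == "__main__":
    for label, members in summarize(SAMPLE_ADDRESSES).items():
        print(f"{label:15} {', '.join(members)}")
```

Anything reported as `private`, `shared (cgnat)`, `loopback` or `link-local` is not reachable from the Internet at all, which is the point the post makes: knowing an organisation’s public address does not by itself grant a path into the RFC 1918 space behind it.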
Transparency is a very important part of PKI and trust. If you don’t want any logging or publicizing of your certificates (all certificates are permanently written to CT), you should operate your own internal PKI, which can be run in any way you see fit.
I believe the OP is trying to prevent Let's Encrypt from recording the request originator's IP, for fear of hacking or other attacks on their infrastructure. It has nothing to do with certificate transparency (unless Let's Encrypt publishes the originator's IP with the certificate).
The originating IP is helpful when one is trying to validate, or track down, the system that obtained a cert from a domain you control.
So it can be useful to you.
But I don’t see how it can be “useful” to anyone else (including hackers).
[maybe you see/know something we are missing…]
Certbot displays this warning when you use --manual because it’s more likely that people using --manual are running Certbot on a different machine from their web server. (If you’re running directly on your web server, you can often use a different method to prove your control over the domain name.) In that case, you might not have considered that the machine interacting directly with the certificate authority is, for example, your personal laptop as opposed to your web server, and hence it’s the IP address of your personal laptop that will end up in Let’s Encrypt’s logs.
OK, so…
Let’s Encrypt itself is required by its policies and auditors to maintain a lot of logs related to certificate requests, in case the validity of a particular request or of Let’s Encrypt’s practices comes into serious question in the future. There is no way to prevent Let’s Encrypt from logging your IP address and other information when you request a certificate. (If you did want to hide it from the certificate authority, you could try to request the certificate via an anonymous proxy.)
The text about public logging relates to something that we were thinking about doing in the past to help security researchers investigate patterns of attacks and malicious use of certificate authorities. The idea is that the researchers could determine if there were particular methods that were being used routinely to obtain fraudulent certificates, or to attempt to. However, this public logging concept has never been implemented in practice.
It seems like that makes Certbot’s privacy warning here confusing because it relates to a hypothetical disclosure of information that doesn’t actually occur. I’ll try to follow up on this to see if we might want to get a definitive decision from the CA of whether this public logging is planned or not—and, if not, to remove this warning from Certbot entirely.
Answering yes to this question doesn’t affect Certbot’s (or Let’s Encrypt’s) behavior in any way; it’s just a requirement in order to use Certbot’s --manual mode because of the idea that IP addresses of users of --manual are more likely to be sensitive or not otherwise visible to the public than IP addresses of users of other methods.
I’ve now asked about this and it seems like we’re going to keep some form of this warning. I can clarify that Let’s Encrypt does not currently publicly publish this particular data anywhere, so the warning relates to a hypothetical future data release aimed at helping researchers investigate attacks against Let’s Encrypt. That release remains possible in principle, but it’s not something that’s happening today.