Certbot up to 5.2.2 blocks requests for IP certificates

Over a week ago 6-day and IP Address Certificates are Generally Available - Let's Encrypt announced the production availability of IP address certificates was annonuced..

Unfortunately the official-ish client certbot still blocks requests for such certificates with this message:

Requested name ... is an IP address. The Let's Encrypt certificate authority will not issue certificates for a bare IP address.

I have verified this in 4.0.0-2 (what Debian and Ubuntu provide) as well as 5.2.2 (snap and docker-image).

The according function is enforce_domain_sanity() in util.py.

IMO that blockage should be removed, or changed to a warning.

Opinions? Can I help?

This probably should go in the Help category too because this issue might hit others too, but I guess the Client dev category is read by more devs.

There's a PR on the Github repository for adding support already, but it seems to take ages.

Thanks for the Github hint!

That's where the real discussions happen, and where the IP address certificates are a hot topic indeed.

Relevant PRs include [Feature Request]: IP address subjectAlternativeName certificates · Issue #10346 · certbot/certbot · GitHub, https://github.com/certbot/certbot/pull/10468, https://github.com/certbot/certbot/pull/10495, webroot: add IP address support by jsha · Pull Request #10543 · certbot/certbot · GitHub

Yeah, so it looks like support is getting added, that --ip-address CLI option just last week. There hasn't been a release after that yet, so a little bit more patience is required I guess.