Certificate for public IP without domain name

rg305 · September 11, 2018, 3:46pm

https://1.1.1.1/ cert was issued by DigiCert (not LetsEncrypt)

silverwind · September 20, 2018, 6:56pm

I think IP address certificates have to be supported eventually. They are pretty much required for running a DNS-over-HTTPS server because with hostnames you run into a chicken-or-egg problem on a DNS server.

A DNS challenge could be done on the reverse zone, and HTTP is even simpler than for hostnames.

schoen · September 20, 2018, 7:00pm

That’s definitely an important use case, but for example Cloudflare’s is issued by DigiCert, so it doesn’t necessarily absolutely have to be done by Let’s Encrypt.

silverwind · September 20, 2018, 7:07pm

I’m sure you can get IP certicates from other CAs if you pester them enough. I’m worried that CAs will probably attempt to charge a premium for them, which could hinder adoption of DoH.

jsha · September 20, 2018, 7:47pm

It is possible to purchase certificates for IP addresses, but not from Let’s Encrypt. Let’s Encrypt may offer IP address certificates in the future, but as of September 2018 we do not.

Topic		Replies	Views
TLS certs for IP addresses for providers who change them? Issuance Policy	44	805	January 17, 2026
Subject Alternative Name (SAN) : field type ipAddress (IP in a CSR) Issuance Policy	24	24788	September 2, 2017
Securing Private Intranet Sites Issuance Tech	22	33361	February 24, 2017
IP Address SSL Creation Issuance Policy	27	2481	March 7, 2024
IP Address certs and anycast Issuance Tech	17	760	November 15, 2025

Certificate for public IP without domain name

Related topics