Certificate for public IP without domain name


#86

https://1.1.1.1/ cert was issued by DigiCert (not LetsEncrypt)


#87

I think IP address certificates have to be supported eventually. They are pretty much required for running a DNS-over-HTTPS server because with hostnames you run into a chicken-or-egg problem on a DNS server.

A DNS challenge could be done on the reverse zone, and HTTP is even simpler than for hostnames.


#88

That’s definitely an important use case, but for example Cloudflare’s is issued by DigiCert, so it doesn’t necessarily absolutely have to be done by Let’s Encrypt.


#89

I’m sure you can get IP certicates from other CAs if you pester them enough. I’m worried that CAs will probably attempt to charge a premium for them, which could hinder adoption of DoH.


#90

#91

It is possible to purchase certificates for IP addresses, but not from Let’s Encrypt. Let’s Encrypt may offer IP address certificates in the future, but as of September 2018 we do not.