Certificate for Server IP


#1

SSL LAB is now testing also server IP and if this has not valid certificate show it.
Please, will let’encrypt support certificate for server IP?

There are some plan? (I hope)
Thanks.


#2

As far as I’m aware there is no plan to issue certificates for IP addresses. There are a number of obvious problems with dynamic IP addresses which would make it virtually impossible to prove automatically that you were the “owner” of that IP address for the period of validity for the certificate.


#3

@PeopleInside do you mean that SSL Labs has an option to type in an IP address rather than a hostname? I suppose that might be useful to some people, but it doesn’t seem like it changes anything for Let’s Encrypt.


#4

@tialaramex no, when I scan my domain name as there are SNI support SSL LAB scan for other certificate so test my server IP who has not a valid certificate.

The IP server will not change the security score but… I think is more secure use an trusted SSL than self signed or wrong certificate. My VPS IP never change. I see there are some company who sell IP certificate but is expensive, I AM not into business, just want … ok let’s Encrypt will not support IP certificate. Sad to know.


#5

SNI is a (web) server configuration thing, it’s not something that’s part of the certificate. If you want your site to serve a valid certificate to clients without SNI support (which is what SSL Labs is simulating), you’ll simply need to stick to one certificate per IP address, and make sure that this certificate is the default certificate configured in your web server.

You don’t need an IP certificate to serve clients without SNI. In fact, an IP certificate won’t be valid if your visitors open your sites via your domain name.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.