I ran this command:
Using golang.org/x/crypto/acme/autocert library in Go server to create certificate. The servers runs as expected using https but print the following message:
It produced this output:
2019/08/28 14:26:48 http: TLS handshake error from 107.178.237.16:53543: 400 urn:acme:error:malformed: Error creating new authz :: Issuance for IP addresses not supported
My web server is (include version):
The Go web server I have written.
The operating system my web server runs on is (include version):
Ubuntu 18.04
My hosting provider, if applicable, is:
Google Cloud Platform
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Bo
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): None
I suspect (but may be wrong) that @tskale has autocert configured to try and issue certificates automatically in-line with requests that arrive when no certificate is available to satisfy the hostname provided by the client’s TLS SNI value.
If that’s the case then I think you need to filter out requests where the SNI is an IP address and not a domain name. As @JuergenAuer mentioned Let’s Encrypt doesn’t issue certificates for anything other than domain name identifiers presently.