Getting ready to issue IP address certificates

Issuance Tech
1

We're almost ready to issue certificates for IP address SANs from Let's Encrypt's production environment. They'll only be available under the shortlived profile (which has a 6-day validity period), and that profile will remain allowlist-only for a while.

Please note: We have more work to do before we're ready to launch this feature for the public. We don't yet have a timeline, and aren't ready to accept allowlist requests.

Here's a sample staging certificate, and a site using it:

  • abadcafe.txt (3.0 KB)
  • https://[2602:ff3a:1:abad:c0f:fee:abad:cafe]/

Please speak up if you see anything interesting, weird, or wrong!

I think I already found a bug in Firefox's display of IP address SANs; BZ #1973855.

10 Likes
2

Lol, also a bug in Discourse I guess? The URL is blue, but it's just a <a>...</a> without the href= part et cetera.. So an anchor, yes, but hyperlink? No..

Anyway, gotta get myself on that shortlived profile somehow :stuck_out_tongue:

How can I make my browser NOT follow the 302 redirect? Whilst being funny, the whole Starbucks thing, I cannot check the certificate in the browser due to the redirect :slight_smile:

Also: is it allowed to have IP addresses as a dnsName in the SAN? That's kinda weird, right? But in this case it's just a valid FQDN.. Interesting :stuck_out_tongue: And confusing! Valid hex only character domain names should be forbidden :rofl:

3 Likes
3

It should be an IP SAN type. This would be IP.# in OpenSSL, not DNS.#.

A related post:

3 Likes
4

Oof! That does look like a Discourse limitation.

Good point, thanks! I've just replaced the redirect with a static page.

That's the interesting and weird part I hoped people would notice. :joy: This certificate has DNS SANs as well as an IP SAN. They are similar, but look closely: one is definitely a DNS name and one is definitely an IPv6 address.

When I was writing test cases, it occurred to me that someone could potentially do this, so I went looking for TLDs that match [0-9a-f]{,4}, found .cafe, and registered abad.cafe in order to cause this confusion.

8 Likes
5

Is the underlying SAN specifically coded as IP type? I haven't dug around in it. I noticed my guarding code in my overhaul of CertSage recently, which is why this came to mind.

2 Likes
6

It should be, and my own inspection confirms that it is, but that's why we're asking other folks to take a look!

4 Likes
7

I shudder to think of the amount of hardcoded software that will soon be tripping over this (not actually) new concept. :woozy_face:

3 Likes
8

Decoded

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:64:98:a5:1c:55:e9:6f:74:94:17:be:70:6c:1b:d1:62:a2
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=US, O=(STAGING) Let's Encrypt, CN=(STAGING) False Fennel E6
        Validity
            Not Before: Jun 24 21:17:50 2025 GMT
            Not After : Jul  1 13:17:49 2025 GMT
        Subject: 
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:b9:e5:b6:2c:6f:a8:0b:23:a3:9c:ba:6b:66:68:
                    3f:69:70:9b:b6:da:92:42:c5:68:e3:c1:8d:3f:e6:
                    d9:31:51:47:0d:45:eb:8f:7d:33:f5:9f:01:5e:5b:
                    7e:bc:57:47:31:c6:d6:7f:c3:79:a6:55:e8:09:b6:
                    0a:91:c6:3f:c2
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier: 
                A1:74:1A:06:6D:50:B7:86:2D:4A:2C:C1:7E:B4:8D:88:49:6C:CD:16
            Authority Information Access: 
                CA Issuers - URI:http://stg-e6.i.lencr.org/
            X509v3 Subject Alternative Name: critical
                DNS:2602.ff3a.0001.abad.0c0f.0fee.abad.cafe, DNS:2602.ff3a.1.abad.c0f.fee.abad.cafe, DNS:abad.cafe, DNS:www.abad.cafe, IP Address:2602:FF3A:1:ABAD:C0F:FEE:ABAD:CAFE
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://stg-e6.c.lencr.org/35.crl
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 16:E8:69:C1:D1:95:EA:D7:C3:F8:97:1A:E3:F0:76:01:
                                F7:8C:E1:B6:9D:31:A8:52:18:B6:83:7F:31:A8:15:08
                    Timestamp : Jun 24 22:16:20.508 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:57:02:0A:71:18:C1:A7:92:85:13:3B:52:
                                DC:13:80:02:85:89:6C:76:A6:6B:63:18:35:1B:98:BA:
                                62:3E:FD:47:02:21:00:CE:D1:76:F9:4A:4C:86:AA:8D:
                                30:15:D7:9E:71:1C:63:31:B0:8D:41:FC:05:E3:60:35:
                                99:66:52:76:9A:C1:B2
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : B0:CC:83:E5:A5:F9:7D:6B:AF:7C:09:CC:28:49:04:87:
                                2A:C7:E8:8B:13:2C:63:50:B7:C6:FD:26:E1:6C:6C:77
                    Timestamp : Jun 24 22:16:20.473 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:16:62:74:68:60:C2:F8:BA:45:79:BA:6D:
                                45:1F:07:3C:A6:E4:76:D1:A3:97:D3:F1:8F:0F:60:D2:
                                8B:E0:C8:A2:02:21:00:CD:BC:E4:68:ED:B9:7C:3D:D0:
                                EC:E2:33:5E:5B:18:B3:1A:44:46:D1:22:FB:31:97:78:
                                21:B7:02:A7:39:7E:E7
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:66:02:31:00:a4:d9:fc:d7:a6:30:0f:ee:d0:34:84:17:78:
        8b:f9:86:00:c0:16:c8:9a:3e:51:fa:e5:43:a1:8f:5c:4f:be:
        59:25:74:fa:34:66:b5:63:80:6f:ed:27:77:5d:5f:e2:e8:02:
        31:00:ec:6c:d0:a7:4d:1c:ec:5a:1c:8d:32:b3:b4:82:79:bc:
        31:14:75:ca:67:a7:78:57:00:0d:8d:b5:01:8d:f3:30:0e:02:
        f0:4d:02:6f:62:a9:82:5c:9b:00:1e:db:af:0f

ASN.1

0 990: SEQUENCE {
  4 867:   SEQUENCE {
  8   3:     [0] {
 10   1:       INTEGER 2
       :       }
 13  18:     INTEGER 2C 64 98 A5 1C 55 E9 6F 74 94 17 BE 70 6C 1B D1 62 A2
 33  10:     SEQUENCE {
 35   8:       OBJECT IDENTIFIER ecdsaWithSHA384 (1 2 840 10045 4 3 3)
       :       }
 45  83:     SEQUENCE {
 47  11:       SET {
 49   9:         SEQUENCE {
 51   3:           OBJECT IDENTIFIER countryName (2 5 4 6)
 56   2:           PrintableString 'US'
       :           }
       :         }
 60  32:       SET {
 62  30:         SEQUENCE {
 64   3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
 69  23:           PrintableString '(STAGING) Let's Encrypt'
       :           }
       :         }
 94  34:       SET {
 96  32:         SEQUENCE {
 98   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
103  25:           PrintableString '(STAGING) False Fennel E6'
       :           }
       :         }
       :       }
130  30:     SEQUENCE {
132  13:       UTCTime 24/06/2025 21:17:50 GMT
147  13:       UTCTime 01/07/2025 13:17:49 GMT
       :       }
162   0:     SEQUENCE {}
164  89:     SEQUENCE {
166  19:       SEQUENCE {
168   7:         OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1)
177   8:         OBJECT IDENTIFIER prime256v1 (1 2 840 10045 3 1 7)
       :         }
187  66:       BIT STRING
       :         04 B9 E5 B6 2C 6F A8 0B 23 A3 9C BA 6B 66 68 3F
       :         69 70 9B B6 DA 92 42 C5 68 E3 C1 8D 3F E6 D9 31
       :         51 47 0D 45 EB 8F 7D 33 F5 9F 01 5E 5B 7E BC 57
       :         47 31 C6 D6 7F C3 79 A6 55 E8 09 B6 0A 91 C6 3F
       :         C2
       :       }
255 616:     [3] {
259 612:       SEQUENCE {
263  14:         SEQUENCE {
265   3:           OBJECT IDENTIFIER keyUsage (2 5 29 15)
270   1:           BOOLEAN TRUE
273   4:           OCTET STRING 03 02 07 80
       :           }
279  19:         SEQUENCE {
281   3:           OBJECT IDENTIFIER extKeyUsage (2 5 29 37)
286  12:           OCTET STRING 30 0A 06 08 2B 06 01 05 05 07 03 01
       :           }
300  12:         SEQUENCE {
302   3:           OBJECT IDENTIFIER basicConstraints (2 5 29 19)
307   1:           BOOLEAN TRUE
310   2:           OCTET STRING 30 00
       :           }
314  31:         SEQUENCE {
316   3:           OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
321  24:           OCTET STRING
       :             30 16 80 14 A1 74 1A 06 6D 50 B7 86 2D 4A 2C C1
       :             7E B4 8D 88 49 6C CD 16
       :           }
347  54:         SEQUENCE {
349   8:           OBJECT IDENTIFIER authorityInfoAccess (1 3 6 1 5 5 7 1 1)
359  42:           OCTET STRING
       :             30 28 30 26 06 08 2B 06 01 05 05 07 30 02 86 1A
       :             68 74 74 70 3A 2F 2F 73 74 67 2D 65 36 2E 69 2E
       :             6C 65 6E 63 72 2E 6F 72 67 2F
       :           }
403 133:         SEQUENCE {
406   3:           OBJECT IDENTIFIER subjectAltName (2 5 29 17)
411   1:           BOOLEAN TRUE
414 123:           OCTET STRING
       :             30 79 82 27 32 36 30 32 2E 66 66 33 61 2E 30 30
       :             30 31 2E 61 62 61 64 2E 30 63 30 66 2E 30 66 65
       :             65 2E 61 62 61 64 2E 63 61 66 65 82 22 32 36 30
       :             32 2E 66 66 33 61 2E 31 2E 61 62 61 64 2E 63 30
       :             66 2E 66 65 65 2E 61 62 61 64 2E 63 61 66 65 82
       :             09 61 62 61 64 2E 63 61 66 65 82 0D 77 77 77 2E
       :             61 62 61 64 2E 63 61 66 65 87 10 26 02 FF 3A 00
       :             01 AB AD 0C 0F 0F EE AB AD CA FE
       :           }
539  19:         SEQUENCE {
541   3:           OBJECT IDENTIFIER certificatePolicies (2 5 29 32)
546  12:           OCTET STRING 30 0A 30 08 06 06 67 81 0C 01 02 01
       :           }
560  49:         SEQUENCE {
562   3:           OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
567  42:           OCTET STRING
       :             30 28 30 26 A0 24 A0 22 86 20 68 74 74 70 3A 2F
       :             2F 73 74 67 2D 65 36 2E 63 2E 6C 65 6E 63 72 2E
       :             6F 72 67 2F 33 35 2E 63 72 6C
       :           }
611 260:         SEQUENCE {
615  10:           OBJECT IDENTIFIER
       :             googleSignedCertificateTimestamp (1 3 6 1 4 1 11129 2 4 2)
627 245:           OCTET STRING
       :             04 81 F2 00 F0 00 76 00 16 E8 69 C1 D1 95 EA D7
       :             C3 F8 97 1A E3 F0 76 01 F7 8C E1 B6 9D 31 A8 52
       :             18 B6 83 7F 31 A8 15 08 00 00 01 97 A4 03 79 1C
       :             00 00 04 03 00 47 30 45 02 20 57 02 0A 71 18 C1
       :             A7 92 85 13 3B 52 DC 13 80 02 85 89 6C 76 A6 6B
       :             63 18 35 1B 98 BA 62 3E FD 47 02 21 00 CE D1 76
       :             F9 4A 4C 86 AA 8D 30 15 D7 9E 71 1C 63 31 B0 8D
       :             41 FC 05 E3 60 35 99 66 52 76 9A C1 B2 00 76 00
       :                     [ Another 117 bytes skipped ]
       :           }
       :         }
       :       }
       :     }
875  10:   SEQUENCE {
877   8:     OBJECT IDENTIFIER ecdsaWithSHA384 (1 2 840 10045 4 3 3)
       :     }
887 105:   BIT STRING
       :     30 66 02 31 00 A4 D9 FC D7 A6 30 0F EE D0 34 84
       :     17 78 8B F9 86 00 C0 16 C8 9A 3E 51 FA E5 43 A1
       :     8F 5C 4F BE 59 25 74 FA 34 66 B5 63 80 6F ED 27
       :     77 5D 5F E2 E8 02 31 00 EC 6C D0 A7 4D 1C EC 5A
       :     1C 8D 32 B3 B4 82 79 BC 31 14 75 CA 67 A7 78 57
       :     00 0D 8D B5 01 8D F3 30 0E 02 F0 4D 02 6F 62 A9
       :     82 5C 9B 00 1E DB AF 0F
       :   }
3 Likes
9

Dang, just saw the dots vs. colons after looking at it for 5 extra minutes :rofl: Even though I already figured it was a valid FQDN, I didn't notice thát difference.

5 Likes
10

I want to get a coffee there. :hot_beverage:

5 Likes
11

best
best257×196 7.77 KB

coffee

4 Likes
12

Can the shortlived profile be enabled for all on staging yet? Hard to give feedback without trying it out.

2 Likes
13

We will enable it in staging pretty soon. Probably in the next few weeks, once we are confident our implementation is at least close to correct and complete.

There’s a bunch of details around things like rate limits, scale, etc which we need to resolve before going to production, but that’s not as relevant to staging, which sees a lot less traffic.

6 Likes
14

Would it be correct to assume that the DNS-01 Challenge also cannot be used for the issuance of an IP Address Certificate?

3 Likes
15

Correct. HTTP and TLS-ALPN only

4 Likes
16

It's been probably ~15 years since the last time I was messing with (private) IP SAN certs on the regular. But at that time, it seemed like you needed the IP as both an IP and DNS SAN value in the cert for maximum browser compatiblity. Which is to say, some browsers needed one and other browsers needed the other.

Not sure if there's a compat matrix around anywhere, but it's probably worth testing a bunch of desktop and mobile browsers with different combinations to see if there are any buggy implementations.

4 Likes