How to find IP in cert logs?


According to a post from 2017 Let's Encrypt stated that IP's for certificate requests was logged:

Is it possible to search or lookup an IP based on a CN or certificate fingerprint?


1 Like

As far as I know, LE never went through with this public logging. The warning has been removed from certbot some time ago too.


The removal of that specific certbot option in manual: deprecate --manual-public-ip-logging-ok by alexzorin · Pull Request #8381 · certbot/certbot · GitHub seems to be an unilateral decision of EFF/the certbot team and not decided by Let's Encrypt. The current privacy policy from Let's Encrypt (as linked in the Subscriber Agreement, Privacy Policy - Let's Encrypt) does actually still contain phrases about disclosure of IP addresses. However, at this moment, there's not a method for publicly retrieving that info.


There's some things posted here by a (now former) Certbot engineer describing the intention of the "public ip logging" feature and that it wasn't ever actually implemented:

For your own ACME account, if you request the ACME account object from the server you can get the IP that originally created the account. (Though, I don't know as any popular ACME client easily exposes that information.) But it's only accessible to the holder of the account key directly, and to people working for Let's Encrypt, not to the public in general.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.