it runs floats enough to sign a cert with ipaddress, but currently ratelimit is broken
tested with modified certbot certbot/certbot#8029 for ipv4 addresses, and ipv6 just before actual signing
pa and CFSSL blocks signing certificate for reserved IP address, and I don’t have ipv6 internet connectivity, I couldn’t test actual ipv6 cert:
P.S what kind of IP should be used for integrate testing that isn’t Reserved IP address and free to use in test context? this sound self contradict
I think it makes sense to just steal a public range, route it inside the docker-compose setup and use it for testing. Boulder already steals the public .wtf gTLD for testing purposes, so there is no big new sin being committed. A similar approach could probably be used for testing for IPv6 integration tests.
IP Address SANs are the first item on the public roadmap (Upcoming Features - Let's Encrypt), it might be worth asking one of the Boulder developers their thoughts on accepting a contribution like this.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.