In 2022, is it now possible to get SSL without a domain (and only an IP address)?

Some people have already asked this before and got a "no" response, but since then, this PR to certbot was merged, so it looks like it is possible now.

However, Certbot still has this step when doing certbot certonly --standalone, which doesn't have any mention of IP addresses:

Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel):

Just wanting a confirmation.

No, it continues to not be possible from Let's Encrypt.

4 Likes

You will probably get more responses.

If you are asking if Let's Encrypt (by ISRG), a Certificate Authority with ACME server, issues certs for IP addresses the answer is no. I don't have links for recent news readily available.

But, if you are just wondering about Certbot the question is best on the github you reference. Certbot is an ACME client and is supported by EFF in github. I believe it can talk with other CAs too. Note some Certbot developers and experts help in this forum for Let's Encrypt too so may respond anyway.

I just wanted to help clarify your question.

5 Likes

That PR is for the acme library only. As there are no free public CA's using ACME offering certificates for IP addresses, the changes to the actual Certbot application were turned down by the developers.

3 Likes

"In 2022, is it now possible to get SSL without a domain (and only an IP address)?"

From a paid commercial CA, Yes.

From LetsEncrypt, No.

It may be possible from ZeroSSL. They have claimed it is possible in their own docs, but several ACME clients had tried and failed to properly integrate because ZeroSSL did not deploy it yet.

1 Like

But even then, via ACME protocol?
Not likely [or we would have heard about it - lol]

1 Like

Doesn't ZeroSSL support IP addresses when not using ACME, but their other (REST?) API or their website directly? In any case, Certbot (or the acme library as mentioned in the PR by OP) doesn't help you with that :stuck_out_tongue:

4 Likes

I don't know. I don't really care. I answered the question broadly: it's possible to pay for an IP Cert; a CA with a free tier claims to offer IP Certs, but I haven't seen an ACME client successfully integrate myself. There is a go library that recently claims it works. Who knows.

tldr; it's possible. it may not be possible in the exact way the OP wants, but if an IP Cert means enough to them, they can get one.

3 Likes

Then you overlooked:

And we just want to make it clear that "possible" doesn't currently include certbot nor LE.
Nor does any other CA provide certs for IPs via ACME protocol.

I just don't want to mislead anyone nor give them some false sense of hope.
[crush their dreams! - lol]

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.