IP Address on certificate

I have read the posts on IP addresses in SSL certs. Have there been any more developments? At the moment https://check-your-website.server-daten.de gives me an error (one among many!)

x.x.x.x 10000 Webmin (https) open
https://x.x.x.x:10000/. Http-Status: 200. Certificate is invalid

Accessing the site is fine and the cert padlock shows. I assume that as the IP address is not listed under the SAN the error comes up.

I am uncertain that I could successfully add it in any case, as the address is owned by my VPS provider and not by me directly. Is there any clarification on what can be done in these cases?

Would be good to get this sorted if possible so where can I track progress on this being developed please?

Geoff

1 Like
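To illustrate the assumption in the post above, here is an added example (not code from the forum or from Let's Encrypt) that builds two throwaway self-signed certificates with Go's standard library, one with only a DNS name in the SAN extension and one that also carries an IP SAN, and shows that hostname verification against the IP succeeds only in the second case. The address 203.0.113.10 and the name example.test are constructed test values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway certificate with the given DNS and IP SANs.
// This is constructed test data, not a CA-issued certificate.
func selfSigned(dns []string, ips []net.IP) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		DNSNames:     dns, // SAN dNSName entries
		IPAddresses:  ips, // SAN iPAddress entries (RFC 8738 validates these via ACME)
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// MatchesIP reports whether the certificate's SAN extension covers addr.
// VerifyHostname consults only the SAN list; the CommonName is ignored, so
// an IP that is absent from the SANs fails exactly like the checker reported.
func MatchesIP(cert *x509.Certificate, addr string) bool {
	return cert.VerifyHostname(addr) == nil
}

func main() {
	dnsOnly, _ := selfSigned([]string{"example.test"}, nil)
	withIP, _ := selfSigned([]string{"example.test"}, []net.IP{net.ParseIP("203.0.113.10")})
	fmt.Println("DNS-only cert matches IP:", MatchesIP(dnsOnly, "203.0.113.10")) // false
	fmt.Println("IP-SAN cert matches IP: ", MatchesIP(withIP, "203.0.113.10"))  // true
}
```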

Let's Encrypt doesn't issue certificates for IP addresses.

ZeroSSL does, it was fairly straightforward to get a free one through their website when I tried many months ago. I'm not sure whether they make it available via their ACME integration though. When I tried, that wasn't available yet.

3 Likes

Nope, that feature has been "shelved". Please also see the following thread:

Also, the only free ACME-providing CA that issued certificates for IP addresses is down. Not sure how/why (it was a rather unknown Chinese CA).

Note that ZeroSSL does provide certificates for IP addresses, but just not through their ACME API. Only using their web interface and/or REST API, I believe (or that has changed too), but that method is subject to rather harsh limits unless you pay. But I believe getting just one cert for the IP address using ZeroSSL should be possible.

Tried it a few days ago when I merged RFC 8738 into my Certbot fork's "for own use" branch, filled with some nice features (IMO) not getting into the main Certbot branch: it was still not possible using ACME.

5 Likes

That feature is also not very "future proof."

If you want a certificate for a single IPv4 address, ok. But... what happens when you want a certificate for an entire /64 IPv6 subnet?

2 Likes

Not sure why you want that kind of thing: that means a webserver listens on any address on that subnet
(it's like listening on every address on a /24 in IPv4).

3 Likes

You'd have to get a lot of certificates. 2^64 / 100 to be exact :wink:

4 Likes

No IP wildcards?

I have no idea how to validate those subnets, does reverse DNS work in subnets?

2 Likes

I might have an IP based reverse proxy, for example.

(It would be pretty useless indeed)

3 Likes

Nope.

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.