Hey! any success, if yes please share how u did that, if you have done, pls share!
Hey!
i am also trying to get SSL over IP address using certbot agent, but got no success yet, pls help as I am trying since more than a week. Thanks
I don't believe that certbot supports IP SANs yet.
2 Likes
do u get success in getting SSL on IP address? if yes if you can help out, certbot is not successful as far as i know and have tried
@barkha1296 I moved your comments from the other thread to its own. That thread was more for tracking people who wanted to get early access to public certs for IP certs.
Your problem seems related to what ACME Client supports IP addresses and how to use them.
You can get them today using the Let's Encrypt Staging system and the shortlived profile. Please read about that here: Profiles - Let's Encrypt
Certbot v5.1 does not yet support getting certs with IP addresses. It may be available starting 5.2 I am not sure. See the EFF's github here for tracking of this feature: [Feature Request]: IP address subjectAlternativeName certificates · Issue #10346 · certbot/certbot · GitHub
There are other ACME Clients that already support IP certs. Once you can get an IP cert using LE Staging you can then ask about getting early access to production IP certs. You will need to post your ACME account and explain the purpose.
One other ACME Client that supports this today is lego. This thread gives an example command: Certbot fails for IPv4 SSL creation - #13 by MikeMcQ
3 Likes
Thanx I am able to generate ssl on IP but I have a query I am not able to find my SSL on crt.sh the reason??? and I want to take the SSL on IPv6 as well, so is it same procedure for that as well. I can't comment on the thread as it already closed so asking you here
thanx!
At present, the production LE service isn't issuing IP address certificates except to a number of accounts that have early access (When will Let's Encrypt's IP certificates be officially launched? refers)
crt.sh doesn't track the LE staging service so if your certificate is from the staging service, it won't show up there - or be trusted by devices that are using normal trust stores.
IPv6 SANs can be requested in the same way as IPv4 ones and I have a couple of staging certs with both. I'm using lego to request those certs, which @MikeMcQ mentioned a couple of posts back. IPv6 addresses have more scope for excitement as they can be compressed in different ways and use upper and lower case, so unless the client knows how to convert what's in an existing certificate and in its arguments into a consistent format, it can start trying to add addresses that are already there. Lego gets this right, but I had this problem with another client. (I won't mention the name as I can't remember which one it was and it may be sorted by now, this was a few months back.)
1 Like
Thanks!
- I am trying to take SSL on same IPv6 on which i get IPv4 SSl. I m trying to revoke but it is giving error.
- May i know how can i get early access as well for production one if I m interested.
see answer here:
2 Likes