Wayback Machine shows as of 2021-01-25, Let's Encrypt still planned to implement RFC 8738 to issue certs against IP addresses as well as domains. This feature has now been removed from the Upcoming Features page. Is support for this feature still planned, or was it released somewhere and I didn't notice? If not planned/released, why was it pulled?
We recently explored what it would take to support IP address validation - cost to implement, risks, and value to subscribers. We decided that it doesn't make sense to prioritize the work over other important projects any time soon so we removed it from our roadmap.
I know there are some people out there that want this and this is a disappointing decision. The feature is not entirely off of our radar, we may revisit it in the future, but since we aren't actually planning to do it soon we thought it best not to communicate about it as an upcoming feature any more.
May I suggest an improvement in communications for the future? Perhaps it would have been better to "shelve" the feature with this explanation on the upcoming features page or perhaps somewhere else. I think transparency is ALWAYS the better option in stead of just deleting things and have the Community finding out for themselves with only questions.. And thus this thread.
@jple Weren't you the LE Communications Specialist or am I remembering things wrongly? Perhaps the LE staff needs a Communications How-To refresher
IMHO, the problem with the messaging on this is less about "Transparency" and more about "Managing Expectations". The odd thing, in this scenario, is that you were trying to better manage expectations of everyone who had not yet seen that page.
We have decided not to pursue IP address validation, at least in the near-mid future. There are a lot of unknowns that might cause this to be a much bigger project than we initially thought and we are not going to be able to prioritize that exploration over other projects, at least over the next year or so. We might reconsider some time in 2022.
Thank you all for the quick replies and clarification. I look forward to seeing this implemented in the future. For anyone arriving here looking for an alternative, the ZeroSSL API (non-ACME) can provide certs for IP addresses. This is the only working solution I have currently found.