Hello As far as i know, letsencrypt does not provide certificate for public IPs. I get it that the dns challenge would be impossible, but the web challenge would work (provided you get the right target configuration, of course). The use of ip-based certificate could eliminate the effects of dns-hij…

It was planned, but for some reason (I believe more pressing matters to implement first) it was shelfed. If you search this Community, you might find an explanation from one of the Let's Encrypt staff somewhere. I don't have time currently to search myself, but I believe the desire to implement it i…

See [image] Certificates for IP addresses Feature Requests Y… and [image] Planned RFC 8738 support pulled? Feature Requests W…

I understand the reasons, and i even could see that some work had already been done by orangepizza, which would be taken into acount when the team has tome on its hand for this feature. I learnt about zerossl (i'm not happy the have access to the private key, but hey). I now know all i need. Thank…

[image] nipil: i'm not happy the have access to the private key I thought ZeroSSL supported CSRs?

[image] nipil: I learnt about zerossl (i'm not happy the have access to the private key, but hey). I now know all i need. You don't need to do it that way. [image] Osiris: I thought ZeroSSL supported CSRs? They do. But they also offer to generate the private key for you... https://hel…

[image] mholt: they also offer to generate the private key for you Presumably using JS locally in the browser, if you want to either inspect that for yourself (who has time for that?) or take their word for it (bad). :smirk:

[image] mholt: But they also offer to generate the private key for you... https://help.zerossl.com/hc/en-us/articles/360060119993-Security-Insights I would not trust that for the life of me: the encryption key seems to be stored somewhere by ZeroSSL. Try it yourself. Steps to reproduce: go…

Let's Encrypt would like to offer IP certificates at some point but there's compliance and security risks that we'd have to address, and as such it's lower priority than our other work. There's no CAA records which is a big concern. We'd have to rework a lot of our ratelimiting code which makes as…

DNS CAA Resource Record Property for IP Address Certificates This document specifies a new DNS CAA Resource Record Property that allows an IP Address holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that IP Address. …

Yeah, that draft comes from some discussions about our concerns.

Why are IP certificate not available?

Feature Requests

jvanasco April 7, 2023, 2:41pm 3

See

and

Topic		Replies	Views
Certificate for public IP without domain name Issuance Tech	85	248628	September 20, 2018
IP Address SSL Creation Issuance Policy	27	2529	March 7, 2024
Plans to support RFC 8738 Feature Requests	23	3886	April 3, 2020
Is it possible to issue certificate for IP address? Issuance Tech	13	11502	September 20, 2023
Certificate for an IP Help	4	900	June 25, 2022

Why are IP certificate not available?

Related topics