I found some old topics discussing how these had been disallowed since they were seen to be somewhat equivalent to verifying ownership of IPs, which was not allowed. Now that six day certs will allow IPs, could rdns zones be considered as well?
I'm struggling to see what you think the two have to do with each other. Six-day certificates are, well, certificates. RDNS (typically PTR records) are DNS records. The two really have nothing at all to do with each other. Could you explain what connection you see between them?
1 Like
What kind of service are you planning to "host" on *.in-addr-arpa/ip6.arpa that would need a certificate?
That space normally only has PTR records (and delegations leading to them), no TLS or x.509 involved.
2 Likes
To clarify, I mean issuing certificates for in-addr.arpa/ip6.arpa domains.
This is true, but you can technically put whatever you want on them. And some other CAs allow issuing certs for them (like cloudflare)
Do you have anything specific in mind? Or mere curiosity?
2 Likes
My personal interest is just due to some easter-egg type things I have on some reverse zones, not anything very serious. But as long as browsers are happy to load websites on .arpa domains (which they currently are), I feel like it's reasonable to want the same security/authenticity guarantees you'd get from any other website.
1 Like
I don't think LE do that but if you are looking for other CA to do that don't expect it'd last long, windows are closing.
ballets effective date (if passed) is 2025-09-15, and I think it'd pass as it was already discussed in their F2F meeting.
5 Likes