Our system uses anycast for DNS (DOH and DOT) services. We'd like to use IP authentication, since our IP addresses are useds by clients to bootstrap or directly communicate with our systems. I see a few problems with the current model that has been documented for IP address certificates, and I'm wondering if there can be a discussion on the topic. Cert time is too short. We own our own /24's and /48's for use, and we are listed as the "owners" of the address space in the RIR. It seems tha...| Let's Encrypt Community Support
The word "only" is doing a lot of heavy lifting in your sentence, but yes I think that's what this thread is requesting. Maybe subsumed in your "extend ACME and CA/B" is that it'd take a lot of effort to get CAs on board. And I don't see commercial CAs getting excited about something unless they could charge a lot for it. And non-profit CAs like Let's Encrypt have enough on their plates just trying to keep HTTPS going. All of which is why I was suggesting someone would need to put together so...| Let's Encrypt Community Support
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help. My domain is: https://mobilise.alzheimersresearchuk.org/ I ran this command: certbot renew -v It produced this output: Saving debug log to /var/log/let...| Let's Encrypt Community Support
We're almost ready to issue certificates for IP address SANs from Let's Encrypt's production environment. They'll only be available under the shortlived profile (which has a 6-day validity period), and that profile will remain allowlist-only for a while. Please note: We have more work to do before we're ready to launch this feature for the public. We don't yet have a timeline, and aren't ready to accept allowlist requests. Here's a sample staging certificate, and a site using it: abadcafe.tx...| Let's Encrypt Community Support
