Our system uses anycast for DNS (DOH and DOT) services. We'd like to use IP authentication, since our IP addresses are useds by clients to bootstrap or directly communicate with our systems. I see a few problems with the current model that has been documented for IP address certificates, and I'm wondering if there can be a discussion on the topic. Cert time is too short. We own our own /24's and /48's for use, and we are listed as the "owners" of the address space in the RIR. It seems tha...| Let's Encrypt Community Support
In my situation, the problem isn't Manual DNS domain validation in terms of getting the acme challenge token into the zone files. Automation is not an option in my situation.| Let's Encrypt Community Support
A profile is a collection of characteristics that describe both the validation process required to get a certificate, and the final contents of that certificate. For the vast majority of Let’s Encrypt subscribers, you should never have to worry about this: we automatically select the best profile for you, and ensure that it complies with all of the requirements and best practices that govern the Web PKI. But some people might be interested in proactively selecting a specific profile, so thi...| letsencrypt.org
Public Key Infrastructure using X.509 (PKIX) certificates are used for a number of purposes, the most significant of which is the authentication of domain names. Thus, certification authorities (CAs) in the Web PKI are trusted to verify that an applicant for a certificate legitimately represents the domain name(s) in the certificate. As of this writing, this verification is done through a collection of ad hoc mechanisms. This document describes a protocol that a CA and an applicant can use to...| IETF Datatracker
