I completely forgot about that announcement. Is that already available as GA? Because that blog post was just a teaser for the whole of 2025 and I can't see docs about it at first glance.
That's a pretty recent change, only 2 months ago. I wasn't aware of that, and you usually won't find that with other CAs.
I'm not sure I like the public internet with IP certs. I do it at home because sometimes DNS is down and have some good internal uses. But it shouldn't be public. Imagine firing up a /24 on Linode, requesting certs on every IP, then releasing the IPs, and saving the certs. Another Linode account would later get an IP in that range, and then you can freely MITM the Linode site by IP. I'm making a number of 'magical' things in between this, of course, but it seems allowing an IP from a public CA could be a terrible thing. The only saving grace in this case is the short lifetime of the certs; however, I'm not a fan of that either.
As an aside, I'm starting to get squinty eyes relating to LE; both things they announce in that article are things that greatly affect the internet at large. I see it as something Google would pull to ensure dominance by lock-in. Sorry, you can no longer change SSL providers because certs only live a few minutes now, and of course you can't afford to not have a cert or no one will see your site. I'm exaggerating slightly, but these changes are not something I think should be allowed, and LE should've listened to everyone yelling. Sure, allow down to 6 day certs, but that will surely become the maximum soon.
Not yet, but coming soon.