Comment by ivanr
1 day ago
As already noted on this thread, you can't use certbot today to get an IP address certificate. You can use lego [1], but figuring out the exact command line took me some effort yesterday. Here's what worked for me:
lego --domains 206.189.27.68 --accept-tos --http --disable-cn run --profile shortlived
Work for this in Certbot is ongoing here, with some initial work already merged, but much to go. https://github.com/certbot/certbot/issues/10346
https://github.com/certbot/certbot/pull/10370 showed that a proof of concept is viable with relatively few changes, though it was vibe coded and abandoned (but at least the submitter did so in good faith and collaboratively) :/ Change management and backwards compatibility seem to be the main considerations at the moment.
Thank you for posting the lego command!
It allowed me to quickly obtain a couple of IP certificates to test with. I updated my simple TLS certificate checker (https://certcheck.sh) to support checking IP certificates (IPv4 only for now).
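An added example, not part of any comment in this thread and not code from lego or certcheck.sh: a Go check that a certificate issued for an IP address, as with the lego command above, lists the address as an iPAddress SAN, has no subject CN (what `--disable-cn` is meant to achieve), and is short-lived. The self-signed sample certificates, the function names and the 7-day lifetime limit are constructed assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// sampleCert builds a constructed self-signed stand-in for an issued cert (fixed inputs, errors ignored).
func sampleCert(ip, cn string, life time.Duration) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(life),
		IPAddresses:  []net.IP{net.ParseIP(ip)},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// CheckIPCert lists problems with a cert meant to identify ip; maxLife is an assumed policy limit.
func CheckIPCert(cert *x509.Certificate, ip string, maxLife time.Duration) []string {
	var issues []string
	// For IP literals VerifyHostname matches iPAddress SANs only, never the CN.
	if err := cert.VerifyHostname(ip); err != nil {
		issues = append(issues, "IP not in iPAddress SAN")
	}
	if cert.Subject.CommonName != "" {
		issues = append(issues, "subject CN present")
	}
	if cert.NotAfter.Sub(cert.NotBefore) > maxLife {
		issues = append(issues, "lifetime exceeds limit")
	}
	return issues
}

func main() {
	const ip, week = "206.189.27.68", 7 * 24 * time.Hour
	fmt.Println(CheckIPCert(sampleCert(ip, "", 6*24*time.Hour), ip, week))
	fmt.Println(CheckIPCert(sampleCert("192.0.2.1", ip, 90*24*time.Hour), ip, week))
}
```

The second sample puts the address only in the CN with a different IP in the SAN, so all three checks fail for it.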
I wonder if the support made it to Caddy yet
(seems to be WIP https://github.com/caddyserver/caddy/issues/7399)
It works, but as another comment mentioned there may be quirks with IP certs, specifically IPv6, that I hope will be fixed by v2.11.
IPv4 certs are already working fine for me in Caddy, but I think there are some kinks to work out with IPv6.
Thx!! Love