Comment by meling
1 day ago
If I can use my DHCP assigned IP, will this allow me to drop having to use self-signed certificates for localhost development?
1 day ago
If I can use my DHCP assigned IP, will this allow me to drop having to use self-signed certificates for localhost development?
No, they will only give out certificates if you can prove ownership of the IP, which means it being publicly routable.
Finally a reason to adopt IPv6 for your local development
Yes, please publish the location of your dev servers in Cert Transparency logs for everyone to see.
A lot of publicly routable IP addresses are assigned by DHCP...
It's just control isn't it, not ownership? I can't prove ownership of the IPs assigned to me, but I can prove control.
Yes that’s correct
Sorry, I wasn’t precise enough. I’m at a university and our IP addresses are publicly routable, I think.
Browsers consider ‘localhost’ a secure context without needing https
For local /network/ development, maybe, but you’d probably be doing awkward hairpin natting at your router.
it's nice to be able to use https locally if you're doing things with HTTP/2 specifically.
What's stopping you from creating a "localhost.mydomain.com" DNS record that initially resolves to a public IP so you can get a certificate, then copying the certificate locally, then changing the DNS to 127.0.0.1?
Other than basically being a pain in the ass.
One can also use the DNS-01 challenge in that scenario.