Taggart 1d ago
Buckle up: IP address SANs coming to LetsEncrypt: https://community.letsencrypt.org/t/getting-ready-to-issue-ip-address-certificates/238777
Getting ready to issue IP address certificates

Is there anything public available on which IPs will be able to get certs? I mean, obviously private/reserved ranges won't be available, but how about all those "cloud" services that rent IPs by the hour (or second)? Is it expected to be "normal" that someone could release an IP back into a pool and yet still have a valid certificate for almost-a-week, or will Let's Encrypt certificates only be available for IPs that are slightly less ephemeral?

Let's Encrypt Community Support
Show threadboB Rudis πŸ‡ΊπŸ‡¦ πŸ‡¬πŸ‡± πŸ‡¨πŸ‡¦1d ago

@mttaggart My Captain America "language filter" will not let me respond the way I'd like to.

Pretty sure the entire LE team is on the payrolls of China/NK/RUS.

Show threadTaggart 1d ago
@hrbrmstr At least it's just for SANs, not CNs??
Show threadboB Rudis πŸ‡ΊπŸ‡¦ πŸ‡¬πŸ‡± πŸ‡¨πŸ‡¦1d ago
@mttaggart Modern browsers and applications validate against SAN first, then fall back to CN only if SAN is absent. Many newer implementations ignore CN entirely.
Show threadTaggart 
@hrbrmstr Fair point
Jun 25 at 6:03pmWeb