Let's Encrypt is rolling out the capability soon to issue certificates with
SAN of type iPAddress. More info here:
https://letsencrypt.org/2025/01/16/6-day-and-ip-certs/
https://letsencrypt.org/2025/01/09/acme-profiles/
Whether this is wonderful or a terrible, bonkers idea is irrelevant here. I'm
trying to assess if the capability to issue these types of certs exists within
the capabilities of acme-client(1). It appears to require the ability to select
a "profile" during the ACME request to enforce a short-lived certificate.
Furthermore, acme-client(1) is architected around "domains" - which a cert
lacking a Common Name, Subject, and only an iPAddress SAN is at odds with.
A quick scan through the man pages and source code, my initial assessment is
"no" - though someone please correct me if I'm missing something.
Regards
Lloyd
No comments:
Post a Comment