Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFC8738: support for IP address SANs #9060

Closed
KazamaSion opened this issue Oct 5, 2021 · 5 comments
Closed

RFC8738: support for IP address SANs #9060

KazamaSion opened this issue Oct 5, 2021 · 5 comments
Labels
feature request needs-update priority: unplanned Work that we believe should be done, but does not have a higher priority.

Comments

@KazamaSion
Copy link

My operating system is (include version):

Alpine Linux v3.12 (Environment: Official certbot docker)

I installed Certbot with (snap, OS package manager, pip, certbot-auto, etc):

docker

I ran this command and it produced this output:

certbot certonly --agree-tos --manual \
  --preferred-challenges http \
  --server https://example.com/directory \
  --eab-kid abcdefg \
  --eab-hmac-key abcdefghijklmn\
  -d 1.1.1.1 -v

Requested name 1.1.1.1 is an IP address. The Let's Encrypt certificate authority will not issue certificates for a bare IP address.

Certbot's behavior differed from what I expected because:

Should not detect if requesting IP certs while using custom ACME server.
@alexzorin
Copy link
Collaborator

Support was recently added to the acme library, but Certbot itself still does not support IP SANs.

The error message could perhaps more accurately say "Certbot does not support ...".

@alexzorin alexzorin added feature request priority: unplanned Work that we believe should be done, but does not have a higher priority. labels Oct 6, 2021
@osirisinferi osirisinferi mentioned this issue Oct 8, 2021
Closed
@github-actions
Copy link

We've made a lot of changes to Certbot since this issue was opened. If you still have this issue with an up-to-date version of Certbot, can you please add a comment letting us know? This helps us to better see what issues are still affecting our users. If there is no activity in the next 30 days, this issue will be automatically closed.

@alexzorin alexzorin changed the title Still detecting if requesting IP certs while using custom ACME server RFC8738: support for IP address SANs Feb 17, 2023
@alexzorin
Copy link
Collaborator

I'm going to rename this issue, as resolving it requires implementing RFC8738 fully, and not just removing the check for the IP address. We still do not have any plans to work on this.

@github-actions GitHub Actions
Copy link

We've made a lot of changes to Certbot since this issue was opened. If you still have this issue with an up-to-date version of Certbot, can you please add a comment letting us know? This helps us to better see what issues are still affecting our users. If there is no activity in the next 30 days, this issue will be automatically closed.

@github-actions GitHub Actions
Copy link

This issue has been closed due to lack of activity, but if you think it should be reopened, please open a new issue with a link to this one and we'll take a look.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Mar 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request needs-update priority: unplanned Work that we believe should be done, but does not have a higher priority.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Rfc8738 support osirisinferi/certbot
2 participants
@alexzorin @KazamaSion