More explicit error message when certificate requested for IP address

[schoen]

The issue at

certbot/certbot#5816

suggests that Boulder's error message, at least for IPv6 addresses, is somewhat confusing because it doesn't make explicit that Boulder has understood the request and refused it for policy reasons. Could we perhaps detect when a certificate request refers to an IP address and put "Can't issue certificate for IP address" or something similar in the error detail field?

[mgrep]

Thanks for clearing it up.
So for now I can only have a secure IPv4 website and there is no way to secure my site on IPv6 at least with "let's encrypt / certbot" ?
Do you think it will change in the future as IPv6 will become more dominant ?

[cpu]

@mgrep Both Let's Encrypt and Certbot support IPv6. Let's Encrypt does not support issuing a certificate for the IPv6 or IPv4 address directly - you need to have a domain name that points to the IPv4/IPv6 address.

Please open a thread on the community forum if you need help with the above. This issue is specifically about improving the Boulder error message :-)

Thanks!

[mgrep]

Now you lost me I have all that and it still did not work, I opened an issue and the answer is that I should have a domain name pointing to IPv4 and IPv6.

host maikel.greppie.nl
maikel.greppie.nl has address 213.127.39.226
maikel.greppie.nl has IPv6 address 2001:1c00:e07:9100:46d:80a4:38b9:a8

I will open a thread in forum as it seem we do not understand each other.

[cpu]

I will open a thread in forum as it seem we do not understand each other.

Thanks! That's the best place to get help. It sounds like I'm missing some context.

[beautifulentropy]

The boulder team has decided to close this issue.