SSL Certs based on IP Address?

Hello, I saw this new article about LetsEncrypt.org supporting SSL Certs based on IP Addresses.

I know that this would be handy for me. It’s kinda hard for me to explain, but I based my entire infrastructure on one of my clients Domain Names, and he lost control of that domain (didn’t renew it).

I’m NOT SURE of the ramifications of this.
I’m scared to try to use a different domain name, because I don’t want to lock myself out of my google authenticator prompt, for example (it currently works).

We’ve Issued Our First IP Address Certificate

By Aaron Gable · July 1, 2025

How To Get an IP Address Cert

IP address certificates are available right now in Staging. They should be generally available in Prod later in 2025, at the same time that short-lived certificates become generally available. Prior to general availability we may allow list issuance for a limited number of partners who can provide us with feedback.

Many Let’s Encrypt client applications should already be able to request certificates for IP addresses, although there can be minor technical changes required to support this in some client software.

As a matter of policy, Let’s Encrypt certificates that cover IP addresses must be short-lived certs, valid for only about six days. As such, your ACME client must support the draft ACME Profiles specification, and you must configure it to request the shortlived profile. And, probably not surprisingly, you can’t use the DNS challenge method to prove your control over an IP address; only the http-01 and tls-alpn-01 methods can be used.

If your client software requests an IP address cert with details that aren’t compatible with these policies, the order will be rejected by the ACME server. In this case, your client application may need to be updated or reconfigured. Feel free to ask for help on the Let’s Encrypt community forum if you encounter any problems, either as a client application developer or as an end user.

1 Like

Would be cool to be able to have this, a lot of services have landing pages on there ip addresses.