My #letsencrypt certificates expired (again) so I had to run certbot manually (again).
I set up monitoring and alerting, because that's what a normal person would do, right?
We've Issued Our First IP Address Certificate
https://letsencrypt.org/2025/07/01/issuing-our-first-ip-address-certificate/
»Let’s Encrypt now supports IP address certificates:
[…] But that is now changing. Since July 1, 2025, Let’s Encrypt has for the first time been issuing certificates that are bound directly to IP addresses. As expected, certain requirements have to be met for this […]«
Why did this pass me by? Well, now I know about it via @letsencrypt thanks to the article by @linuxnews.
https://linuxnews.de/lets-encrypt-unterstuetzt-nun-ip-adress-zertifikate/
@farshidhakimy @aral Absolutely — you're right, this isn’t a brand-new concept. Cloudflare's cert on https://1.1.1.1 is a great example of a legitimate use case for IP-based certificates, especially in infrastructure-focused services like public DNS.
And yes, other CAs have issued certs for IP addresses before Let's Encrypt started doing it — so it’s not unprecedented. The shift here is more about accessibility and scale. Let’s Encrypt offering free certs for public IPs means this capability is now much more widely available, even to actors who previously didn’t have the budget or motivation to go through commercial CAs.
That’s where the risk discussion comes in — not that certs for IPs are inherently bad, but that easier issuance could lower the barrier for phishing kits, command-and-control servers, or shady hosts to appear more “legitimate” with a valid HTTPS padlock, especially in contexts where URLs are masked or shortened.
So yeah, not panic-worthy — just something worth watching as it scales.
"We've Issued Our First IP Address Certificate" - Let's Encrypt
https://letsencrypt.org/2025/07/01/issuing-our-first-ip-address-certificate/
Let's Encrypt has issued the first IP certificate! This is really handy for websites without domain names, hosting providers or IoT devices. They are 6-day certificates, to prevent abuse. Soon available to everyone!
https://www.heise.de/news/Let-s-Encrypt-stellt-erstes-IP-Zertifikat-aus-10476509.html
Big news from Let's Encrypt! Since 2015, there have been requests for certificates for IP addresses—a rare offering among certificate authorities. Today, they've issued their first certificate for an IP address! As announced earlier this year, this feature is now being rolled out gradually to subscribers.
https://letsencrypt.org/2025/07/01/issuing-our-first-ip-address-certificate/
Let’s Encrypt Begins Supporting IP Address Certificates • Linuxiac
https://linuxiac.com/lets-encrypt-begins-supporting-ip-address-certificates/
Let’s Encrypt begins issuing IP address certificates, expanding support beyond domain names to cater to specialized use cases, such as DoH and home devices.
@marcuwekling Great idea! I'm (already) in anyway! #dutgemacht #ididit
Here is what I already use at the moment:
- My own mail server #postfix #clamav #rspamd #roundcubemail #dovecot
- Notebooks on #Linux
- #pfsense firewall
- #thunderbird
Self-hosted free services/software at the moment:
- #Nextcloud
- #PaperlessNGX
- #Peertube
- #HomeAssistant
- #Mastodon
- #Matrix
- #Wordpress
Free services hosted by others:
- #pixelfed
- #bigbluebutton
- #letsencrypt
Unfortunately I can't get rid of my Windows machine yet #gamer - but that will surely come at some point too...
Urgh I _still_ dislike dealing with TLS certs. The certificate on https://au.mirror.7bit.org/ expired earlier in the week, which was surprising because I thought I'd set everything up to automatically renew. Turns out I had, but I'd forgotten to include a Lego renew hook to restart nginx when the cert was renewed. Apparently I also didn't have monitoring of this cert (I do now)
Why is it that only Caddy and Traefik seem to have built in ACME clients?
We see that #LetsEncrypt is now experimentally issuing IPv4 and IPv6 certs! (https://letsencrypt.org/2025/07/01/issuing-our-first-ip-address-certificate/).
This is fantastic news for people who want to set up their own #DOH or #DOT servers that support automatic encryption upgrade (DDR - https://datatracker.ietf.org/doc/rfc9462/).
We look forward to this being put into production. We wish the expiry time was a bit longer - maybe a new profile with 30 day validity? But in any case - great to see this happening.
Let's Encrypt: Notifications about expired certificates discontinued | Security https://www.heise.de/news/Let-s-Encrypt-Nachrichten-zu-abgelaufenen-Zertifikaten-eingestellt-10465769.html #LetsEncrypt
Has anyone figured out how to configure #traefik to acquire certs for IP addresses with ACME? #letsencrypt
#Development #Announcements
Our first IP address certificate · Let’s Encrypt starts rolling out the new option https://ilo.im/16530s
_____
#LetsEncrypt #CA #IpAddress #Certificate #SSL #TLS #HTTPS #WebDev #Frontend #Backend
#LetsEncrypt ends certificate expiry emails to cut costs, boost #privacy
LetsEncrypt – Expiration Notification Service Has Ended
https://letsencrypt.org/2025/06/26/expiration-notification-service-has-ended/
How to Install Centmin Mod on #AlmaLinux #VPS (5 Minute Quick-Start Guide) Here's a detailed step-by-step guide on how to install Centmin Mod on AlmaLinux VPS server.
What is Centmin Mod?
Centmin Mod is a shell-based, menu-driven installer that automates the deployment of a LEMP (Linux, Nginx, MariaDB/MySQL, PHP-FPM) stack on CentOS, AlmaLinux, and Rocky Linux servers. Designed for efficiency and performance, it ...
Continued https://blog.radwebhosting.com/how-to-install-centmin-mod-on-almalinux-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #centminmod #letsencrypt #php #csf
@aral wrote: "If your friends and family are trying to phish you, you have bigger problems."
Phishing means that an adversary *claiming to be* someone you know (including friends and family) convinces you to click on a link.
The purpose of a certificate, telling a receiver *WHO* (human readable) owns the associated private key (the last resort to distinguish between fake and authentic), now has completely vanished.
As if phishing is not already the nr. 1 problem on the internet.
Note: I'm fine with the idea provided that browsers clearly inform users about the reliability of authenticity (I've read your article, did you read https://infosec.exchange/@ErikvanStraten/113079966331873386 ?)