Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home News
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Let's Encrypt : We Issued Our First IP Address Certificate !

xemapsxemaps Member
edited July 2025 in News

Since 1st July 2025, Let's Encrypt can issue IP Address Certificate !

To have your first IP CERTIFICATE go to staging
A good usage is Securing remote access IP like device, VPS host, RDP, ...
So good luck LETSENCRYPT !
Source LetsEncrypt.org

Thanked by 10oloke mrTom Void Fubukibox satorik Ballinwrld jolo22 mwt JohnnySac karanchoo

Comments

  • IntelpentiummIntelpentiumm Member

    Great news

    Thanked by 1xemaps
  • LeviLevi Member

    On another hand malware C&C's will also celebrate.

  • VoidVoid Member

    Make use of it while it lasts 🤣

  • therawtheraw Member

    @xemaps said:

    Since 1st July 2025, Let's Encrypt can issue IP Address Certificate !

    To have your first IP CERTIFICATE go to staging
    A good usage is Securing remote access IP like device, VPS host, RDP, ...
    So good luck LETSENCRYPT !
    Source LetsEncrypt.org

    can i wildcard 0.0.0.0/0

  • xemapsxemaps Member

    @Levi said:
    On another hand malware C&C's will also celebrate.

    There are certificates everywhere today. How would they do more damage with an SSL Letsencrypt certificate? I am curious to see your/the solution.

  • xemapsxemaps Member

    @theraw said:
    can i wildcard 0.0.0.0/0

    I suggest to try to acquire the best for you 255.255.255.255/32 :*

  • LeviLevi Member

    @xemaps said:

    @Levi said:
    On another hand malware C&C's will also celebrate.

    There are certificates everywhere today. How would they do more damage with an SSL Letsencrypt certificate? I am curious to see your/the solution.

    Now they need domain to be purchased and active. IP, especially ipv6 is unmetered resource for malice. But that’s just fud. Safely ignore. Doomer must doom.

  • kedihackerkedihacker Member

    @Levi said:

    @xemaps said:

    @Levi said:
    On another hand malware C&C's will also celebrate.

    There are certificates everywhere today. How would they do more damage with an SSL Letsencrypt certificate? I am curious to see your/the solution.

    Now they need domain to be purchased and active. IP, especially ipv6 is unmetered resource for malice. But that’s just fud. Safely ignore. Doomer must doom.

    They can just dispose of addresses after use like they don't use hacked servers for c2?

  • sillycatsillycat Member

    @Levi said:
    On another hand malware C&C's will also celebrate.

    Why would they use https? Simply useless and makes their stuff more easily detectable (see: cert transparency).

    Thanked by 3xemaps tentor cu_olly
  • LeviLevi Member

    @sillycat said:

    @Levi said:
    On another hand malware C&C's will also celebrate.

    Why would they use https? Simply useless and makes their stuff more easily detectable (see: cert transparency).

    Wait, so encryption in this case is bad?

  • kedihackerkedihacker Member

    @Levi said:

    @sillycat said:

    @Levi said:
    On another hand malware C&C's will also celebrate.

    Why would they use https? Simply useless and makes their stuff more easily detectable (see: cert transparency).

    Wait, so encryption in this case is bad?

    They can just pin a certificate which doesn't need to be publicly trusted.

    Thanked by 1sillycat
  • TimboJonesTimboJones Member

    @sillycat said:

    @Levi said:
    On another hand malware C&C's will also celebrate.

    Why would they use https? Simply useless and makes their stuff more easily detectable (see: cert transparency).

    So that it isn't easily picked off with a basic DPI firewall.

  • VoidVoid Member

    In case anyone managed to create certs for IPs, which ACME client or whatever did you use?

  • e2bs2k1e2bs2k1 Member

    @kedihacker said:

    @Levi said:

    @sillycat said:

    @Levi said:
    On another hand malware C&C's will also celebrate.

    Why would they use https? Simply useless and makes their stuff more easily detectable (see: cert transparency).

    Wait, so encryption in this case is bad?

    They can just pin a certificate which doesn't need to be publicly trusted.

    Why not just wrap in a custom encryption algo with http

  • xemapsxemaps Member

    Look here https://letsencrypt.org/docs/client-options/
    My providers generate for me, otherwise i order year ssl certs.

  • 0ka0ka Member
    edited July 2025

    @Void said: In case anyone managed to create certs for IPs, which ACME client or whatever did you use?

    https://github.com/dehydrated-io/dehydrated supports these new certificates

    download the zip of the master branch, create "config" file

    CA="letsencrypt-test"
ACME_PROFILE="shortlived"
WELLKNOWN=/var/www/html/.well-known/acme-challenge

    and run
    ./dehydrated -c -d ip:YOURIP

    your cert will be in the certs folder

    they are still in development and aren't trusted yet

    source: https://github.com/dehydrated-io/dehydrated/issues/783#issuecomment-3031888207

    Thanked by 5xemaps Void JohnnySac satorik mandala
  • let_hunterlet_hunter Member

    good news

  • kedihackerkedihacker Member

    @e2bs2k1 said:

    @kedihacker said:

    @Levi said:

    @sillycat said:

    @Levi said:
    On another hand malware C&C's will also celebrate.

    Why would they use https? Simply useless and makes their stuff more easily detectable (see: cert transparency).

    Wait, so encryption in this case is bad?

    They can just pin a certificate which doesn't need to be publicly trusted.

    Why not just wrap in a custom encryption algo with http

    Easier detection

    Thanked by 1sillycat
  • xemapsxemaps Member

    @0ka said:

    @Void said: In case anyone managed to create certs for IPs, which ACME client or whatever did you use?

    https://github.com/dehydrated-io/dehydrated supports these new certificates

    download the zip of the master branch, create "config" file

    CA="letsencrypt-test"
ACME_PROFILE="shortlived"
WELLKNOWN=/var/www/html/.well-known/acme-challenge

    and run
    ./dehydrated -c -d ip:YOURIP

    your cert will be in the certs folder

    they are still in development and aren't trusted yet

    source: https://github.com/dehydrated-io/dehydrated/issues/783#issuecomment-3031888207

    Top comment of this topic !

    Thanked by 1Void
Sign In or Register to comment.