←back to thread

Six day and IP address certificate options in 2025

(letsencrypt.org)
197 points SGran | 8 comments | 16 Jan 25 15:36 UTC | HN request time: 0.001s | source | bottom
1. mmastrac ◴[16 Jan 25 19:02 UTC] No.42729430[source]
Will this work for IPv6?
replies(1): >>42729618 #
2. ZiiS ◴[16 Jan 25 19:17 UTC] No.42729618[source]
Yes, a forward looking org like Let's Encrypt would have said IPv4 if needed. Here is an example from Cloudflare https://[2606:4700:4700::1111]
replies(1): >>42729813 #
3. wil421 ◴[16 Jan 25 19:33 UTC] No.42729813[source]
Why does the url say one.one.one.one in my browser?
replies(3): >>42729886 #>>42729888 #>>42729918 #
4. ◴[16 Jan 25 19:39 UTC] No.42729886{3}[source]
5. mparlane ◴[16 Jan 25 19:39 UTC] No.42729888{3}[source]
Because it returns a 301 moved permanently with a header of location: https://one.one.one.one/
6. Crosseye_Jack ◴[16 Jan 25 19:42 UTC] No.42729918{3}[source]
Because your are redirected to one.one.one.one via the location header and 301 status code from the ip address.

http://1.1.1.1 redirects to https://1.1.1.1 which then redirects to https://one.one.one.one

but the TLS cert on https://1.1.1.1 (or https://[2606:4700:4700::1111] on ipv6) is still valid for the ipaddress otherwise your browser would put up a warning during the tls handshake.

replies(1): >>42730088 #
7. ape4 ◴[16 Jan 25 19:56 UTC] No.42730088{4}[source]
Its too bad it does the last redirect.
replies(1): >>42734880 #
8. Crosseye_Jack ◴[17 Jan 25 07:07 UTC] No.42734880{5}[source]
They didn’t used to. Guess they wanted to show off their shiny one.one domain.

Also (and just speculating here), it could be they wanted to get away from promoting https://1.1.1.1 because of legacy spam filtering. But that’s just me thinking out loud as to why they would prefer the domain over the ip