←back to thread

Six day and IP address certificate options in 2025

(letsencrypt.org)
197 points SGran | 1 comments | 16 Jan 25 15:36 UTC | HN request time: 0s | source
Show context
mmastrac ◴[16 Jan 25 19:02 UTC] No.42729430[source]
Will this work for IPv6?
replies(1): >>42729618 #
ZiiS ◴[16 Jan 25 19:17 UTC] No.42729618[source]
Yes, a forward looking org like Let's Encrypt would have said IPv4 if needed. Here is an example from Cloudflare https://[2606:4700:4700::1111]
replies(1): >>42729813 #
wil421 ◴[16 Jan 25 19:33 UTC] No.42729813[source]
Why does the url say one.one.one.one in my browser?
replies(3): >>42729886 #>>42729888 #>>42729918 #
Crosseye_Jack ◴[16 Jan 25 19:42 UTC] No.42729918[source]
Because your are redirected to one.one.one.one via the location header and 301 status code from the ip address.

http://1.1.1.1 redirects to https://1.1.1.1 which then redirects to https://one.one.one.one

but the TLS cert on https://1.1.1.1 (or https://[2606:4700:4700::1111] on ipv6) is still valid for the ipaddress otherwise your browser would put up a warning during the tls handshake.

replies(1): >>42730088 #
ape4 ◴[16 Jan 25 19:56 UTC] No.42730088[source]
Its too bad it does the last redirect.
replies(1): >>42734880 #
1. Crosseye_Jack ◴[17 Jan 25 07:07 UTC] No.42734880{3}[source]
They didn’t used to. Guess they wanted to show off their shiny one.one domain.

Also (and just speculating here), it could be they wanted to get away from promoting https://1.1.1.1 because of legacy spam filtering. But that’s just me thinking out loud as to why they would prefer the domain over the ip