315 points Bogdanp | 1 comments
mocko ◴[] No.44379696[source]
I can see how this would work on a technical level but what's the intended use case?
replies(13): >>44379710 #>>44379735 #>>44379778 #>>44379786 #>>44379885 #>>44379946 #>>44380155 #>>44380377 #>>44380579 #>>44380856 #>>44381151 #>>44381389 #>>44386646 #
szszrk ◴[] No.44379946[source]
Sometimes you want to have valid certs while your dns is undergoing major redesign. For instance to keep your dashboards available, or to be triple sure no old automation will fail due to dns issues.

In other cases dns is just not needed at all. You might prefer simplicity, independence from dns propagation, so you will have your, say, Cockpit exposed instantly on a test env.

Only our imagination limits us here.

replies(1): >>44380116 #
Hizonner ◴[] No.44380116[source]
So go to keys-are-names.

There's no reason AT ALL to bring IP addresses into the mix.

replies(2): >>44380212 #>>44382552 #
1. nine_k ◴[] No.44382552[source]
Consider WireGuard: it works at IP level, but gives you identity by crypto key. You can live without proper DNS in a small internal network.

(This obviously lives well without the IP certs under discussion.)