
support RFC8738

Open Greyh4t opened this issue 3 years ago • 2 comments

Welcome

  • [X] Yes, I've searched similar issues on GitHub and didn't find any.

How do you use lego?

Binary

Detailed Description

When I use ZeroSSL to create a certificate for an IP address, lego gives an error:

2022/05/22 22:13:29 Could not obtain certificates:
	acme: error: 400 :: POST :: https://acme.zerossl.com/v2/DV90/newOrder :: urn:ietf:params:acme:error:rejectedIdentifier :: Invalid DNS identifier [<my ip address>]

Here is my command:

./lego --server https://acme.zerossl.com/v2/DV90 --eab --kid <kid> --hmac <hmac> --email=<email> --domains=<my ip address> --path ./ --accept-tos --http --http.port "0.0.0.0:80" run

I found that RFC8738 defines the IP Identifier Validation Extension, and lego seems not to support it. Can you add support for it?

Greyh4t avatar May 22 '22 14:05 Greyh4t
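An added example, not lego's code and not part of the original issue: the `rejectedIdentifier` error above reports the address as a DNS identifier, whereas RFC 8738 defines a separate `ip` identifier type for newOrder and forbids `dns-01` for it. The names `NewIdentifier`, `ChallengesFor` and `NewOrderPayload` are hypothetical, the sample names are constructed, and rejecting zoned addresses is a choice made in this sketch.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// Identifier is one entry of "identifiers" in an ACME newOrder request.
type Identifier struct {
	Type  string `json:"type"`
	Value string `json:"value"`
}

// ChallengesFor lists usable challenge types; RFC 8738 forbids dns-01 for "ip".
var ChallengesFor = map[string][]string{
	"ip":  {"http-01", "tls-alpn-01"},
	"dns": {"http-01", "dns-01", "tls-alpn-01"},
}

// NewIdentifier (hypothetical): IP literal -> "ip" in canonical text form, else "dns".
func NewIdentifier(name string) (Identifier, error) {
	addr, err := netip.ParseAddr(name)
	if err != nil {
		return Identifier{Type: "dns", Value: name}, nil
	}
	if addr.Zone() != "" {
		return Identifier{}, fmt.Errorf("zoned address %q is not a valid identifier", name)
	}
	return Identifier{Type: "ip", Value: addr.String()}, nil
}

// NewOrderPayload builds the JSON body of a newOrder request.
func NewOrderPayload(names []string) ([]byte, error) {
	ids := make([]Identifier, 0, len(names))
	for _, n := range names {
		id, err := NewIdentifier(n)
		if err != nil {
			return nil, err
		}
		ids = append(ids, id)
	}
	return json.Marshal(map[string][]Identifier{"identifiers": ids})
}

func main() {
	body, err := NewOrderPayload([]string{"203.0.113.7", "2001:DB8:0:0:0:0:0:1", "example.com"}) // constructed sample names
	fmt.Println(string(body), err)
}
```

The CSR for such an order carries the address as an iPAddress subjectAltName, not a dNSName.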

ACME supports IP SSL, but ZeroSSL does not allow requesting IP SSL on the ACME API, so you got the error.

You can try this: https://github.com/tinkernels/zerossl-ip-cert or log in to zerossl.com to get it.

Tested, it works.

ninetian avatar Aug 24 '22 07:08 ninetian

Support for IP address based certificates will become relevant for all operators of encrypted DNS services due to the requirements in DDR https://datatracker.ietf.org/doc/draft-ietf-add-ddr/ (section: 4.2 Verified Discovery).

appliedprivacy avatar Aug 28 '22 12:08 appliedprivacy

Had to make a new PR: visit #1838

orangepizza avatar Feb 14 '23 08:02 orangepizza