undefined | Better HN

0 pointsstavros8mo ago0 comments

Are we meant to use a domain? I've always just used the IP.

0 comments

landgenoot8mo ago

You need a domain in order to get the s in https to work

bigiain8mo ago

That's not correct.

LetEncrypt are trialling ip address https/TLS certificates right now:

https://letsencrypt.org/2025/07/01/issuing-our-first-ip-addr...

They say:

"In principle, there’s no reason that a certificate couldn’t be issued for an IP address rather than a domain name, and in fact the technical and policy standards for certificates have always allowed this, with a handful of certificate authorities offering this service on a small scale."

noduerme8mo ago

right, this was announced about two weeks ago to some fanfare. So in principle there was no reason not to do it two decades ago? It would've been nice back then. I never heard of any certificate authority offering that.

2 more replies

maxloh8mo ago

Nope. That is not correct. https://1.1.1.1/dns-query is a perfectly valid DoH resolver address I've been using for months.

Your operating system can validate the IP address of the DNS response by using the Subject Alternative Name (SAN) field within the CA certificate presented by the DoH server: https://g.co/gemini/share/40af4514cb6e

yread8mo ago

what about certificate for IP address?

landgenoot8mo ago

What about a route that gets hijacked? There is no HSTS for IP addresses.

1 more reply

federiconafria8mo ago

What about a reverse DNS lookup?

j / k navigate · click thread line to collapse