Let's Encrypt makes free security certificates available for IP addresses
We’re all familiar with the idea of TLS/SSL security certificates that verify the identity of a website and ensure trust and security on the web by confirming that the site you’re visiting is what it says it is.
Usually these relate to the domain name of the site, since that’s how most people gain access, indeed if you type in the underlying IP address instead you’ll often get an error because of the lack of a certificate.
While it’s possible to get a certificate for an IP address they usually cost money -- up to $90 per year. Now though Let’s Encrypt has started issuing digital certificates for IP addresses for free.
There are good reasons why we normally use domain names, mainly because IP addresses can be dynamic and also because site owners may change their hosting platform or back end software, resulting in a different address for the same site name.
As Aaron Gable, principal engineer at Let's Encrypt, explains on the company’s blog, “Internet service operators don’t expect that end users will ever intentionally connect to their sites directly by IP address. In some cases, when an IP address is shared by different websites or different devices, connecting by IP address alone wouldn’t even work properly. In that case, there’s not much benefit to obtaining a certificate for the IP address!”
So why, you ask, might you want a certificate for an IP address? For big organizations it’s a way to provide a landing page should someone type a well known address into their browser--– good examples here being Google’s 8.8.8.8 or Cloudflare’s 1.1.1.1 addresses.
Access via an IP address can also be handy for things that you don’t want to be public, like network-attached storage servers, or securing short-term connections for server administration or interconnection. Short-term is key here because Let’s Encrypt IP certificates only have a six-day life. Rapid expiry of certificates is set to become the industry norm soon anyway as it reduces the risk should an attacker set up a face certificate.
IP address certificates are available now in Let’s Encrypt’s Staging Environment and are set to become generally available later in the year. You can read more on the company’s blog.
Image credit: funtap/depositphotos.com