Replies: 1 comment
-
|
Hey @tehmilcho, at the moment we don't support doing that using templates natively. I would strongly advise checking out if there's an option for the ACME client to obtain a certificate for an IP address, and to look into using an alternative ACME client if you really need it. The reason for that is to maintain the security properties of certificates issued using the ACME protocol, because by adding an IP through a template, for example by enriching it through a webhook, it doesn't get challenged directly. Generally that's what you want to happen before issuing a certificate through ACME. P.S.: instead of using |
Beta Was this translation helpful? Give feedback.
-
Hey there,
I setup smallstep in my homelab with acme and use certbot to request from my machines certs this works fine. But unfortunately certbot will not allow me to ad also the local IP to the Cert but I want a cert that's valid for hostname, hostname+fqdn, custom DNS(local) domain and the IP.
Is it possible to add the IP of the requester with a template to the Cert?
My current x509 template:
{
"subject": {
"organization": {{ toJson .Organization }},
"commonName": {{ index .Insecure.CR.DNSNames 0 | toJson }},
"organizationalUnit": {{ toJson .OrganizationalUnit }}
},
"sans": {{ toJson .SANs }},
"keyUsage": ["digitalSignature"],
"extKeyUsage": ["clientAuth", "serverAuth"]
}
Beta Was this translation helpful? Give feedback.
All reactions