Q-Droid
Posted

Is it time to explore this either in Emby core or as a plug-in if possible?

https://letsencrypt.org/2026/01/15/6day-and-ip-general-availability

Quote

Short-lived and IP address certificates are now generally available from Let’s Encrypt. These certificates are valid for 160 hours, just over six days. In order to get a short-lived certificate subscribers simply need to select the ‘shortlived’ certificate profile in their ACME client.

 

  • Like 3
  • Agree 1
Neminem
Posted

That sounds interesting, not that I need it.

But it sounds a lot like DDNS + Cert.

 

Q-Droid
Posted (edited)
18 minutes ago, Neminem said:

That sounds interesting, not that I need it.

But it sounds a lot like DDNS + Cert.

 

These are IP based certificates which eliminate the need for domains.

I should rephrase: They eliminate the requirement of a domain name. Domain names are still good but not needed.

 

 

Edited by Q-Droid
  • Like 1
Neminem
Posted

That sounds really nice 😁.

Thanks for the explanation 👍

Apotropaic
Posted

Interesting decision from Let's Encrypt. I'm usually all-in when it comes to encrypting everything, but surely this is just enabling bad actors to also enable on-the-fly certs for whatever they're up to!?

I know they're not the first to do this, but they are free and support automation. I can see organisations just blanket blacklisting their certs to deal with this.

As for projects like Emby it sounds pretty good, unless of course your IP is very dynamic :)

Q-Droid
Posted

Organizations that are concerned about these IP based certs can create policies to restrict to Domain Validation (DV) or higher. They wouldn't have to blacklist the CA, ISRG in this instance. Even DV certs don't add that much protection since anyone can get a subdomain with a DDNS service or even free Cloudflare.

For Emby users I see this as an option for those who rely on Emby Connect, don't have a domain and would like to benefit from end-to-end TLS/HTTPS without having to learn or follow the usual path to HTTPS.

As for the rest I do see how this could open the door for bad actors against whom the only safeguard currently in place is a bad cert error in a browser or auto HTTPS failing to connect. But with free domains or options like Cloudflare some are likely presenting "valid" endpoints already.

 

  • Agree 1
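
A sketch of the kind of client-side policy check mentioned in the post above, as an added example that is not part of the original thread: it takes a certificate in the dict form returned by Python's `ssl.SSLSocket.getpeercert()` and reports whether it identifies only IP addresses and whether it fits the 160-hour short-lived window from the quoted announcement. The function names, the `allow_ip_only` switch and the sample certificates are assumptions made for illustration.

```python
import ipaddress
import ssl
from datetime import timedelta

# Threshold from the quoted announcement: short-lived certs are valid 160 hours.
SHORT_LIVED_MAX = timedelta(hours=160)

def classify_cert(cert):
    """Classify a certificate dict as returned by ssl.SSLSocket.getpeercert()."""
    dns_sans, ip_sans = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns_sans.append(value.lower())
        elif kind == "IP Address":
            # Normalise so different IPv6 spellings compare equal.
            ip_sans.append(str(ipaddress.ip_address(value.strip())))
    lifetime = timedelta(seconds=ssl.cert_time_to_seconds(cert["notAfter"])
                         - ssl.cert_time_to_seconds(cert["notBefore"]))
    return {
        "ip_sans": ip_sans,
        "dns_sans": dns_sans,
        "ip_only": bool(ip_sans) and not dns_sans,
        "lifetime_hours": lifetime.total_seconds() / 3600,
        "short_lived": lifetime <= SHORT_LIVED_MAX,
    }

def policy_decision(cert, allow_ip_only=False):
    """Hypothetical org policy: require a DNS name unless IP-only is allowed."""
    info = classify_cert(cert)
    if info["ip_only"] and not allow_ip_only:
        return "reject: IP-only certificate for " + ", ".join(info["ip_sans"])
    return "accept"

# Constructed sample certificates (documentation address ranges, not real hosts).
IP_CERT = {
    "subjectAltName": (("IP Address", "203.0.113.10"),
                       ("IP Address", "2001:DB8:0:0:0:0:0:1")),
    "notBefore": "Jan 20 00:00:00 2026 GMT",
    "notAfter": "Jan 26 16:00:00 2026 GMT",   # 160 hours later
}
DNS_CERT = {
    "subjectAltName": (("DNS", "media.example.org"),),
    "notBefore": "Jan 20 00:00:00 2026 GMT",
    "notAfter": "Apr 20 00:00:00 2026 GMT",   # 90 days later
}

if __name__ == "__main__":
    for name, cert in (("ip", IP_CERT), ("dns", DNS_CERT)):
        print(name, classify_cert(cert), policy_decision(cert))
```
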
darkassassin07
Posted

This would certainly improve security for those that don't want to set up a domain. There's been quite a few threads lately revealing servers that are publicly exposed with only http...
