"Getting ready to issue IP address certificates" - LetsEncrypt

Looks like LetsEncrypt will soon start issuing IP address certificates:

Getting ready to issue IP address certificates - Issuance Tech - Let’s Encrypt Community (See also HN discussion.)

Thoughts?

The first thing that came to my mind is that if Caddy requests IP certs by default and supports ESNI/ECH, then Caddy could be among the first human-scale SNI web servers to support https connections where all its domains are kept private.

IP certs will be interesting for sure.

I’m not sure I follow entirely: can you elaborate?

Note that: Caddy already obtains certificates for IP addresses (currently it issues them itself, using its internal issuer, unless configured otherwise). ECH can’t be enabled by default since it requires DNS provider credentials.