Who benefits from this? Even though Let’s Encrypt stresses that most site operators will do fine sticking with ordinary domain certificates, there are still scenarios where a numeric identifier is the only practical choice:

Infrastructure services such as DNS-over-HTTPS (DoH) – where clients may pin a literal IP address for performance or censorship-evasion reasons.
IoT and home-lab devices – think network-attached storage boxes, for example, living behind static WAN addresses.
Ephemeral cloud workloads – short-lived back-end servers that spin up with public IPs faster than DNS records can propagate.
  • Melmi@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    edit-2
    4 days ago

    I don’t see how? Normal HTTP/TLS validation would still apply so you’d need port forwarding. You can’t host anything on the CGNAT IP so you can’t pass validation and they won’t issue you a cert.

    • squaresinger@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      4 days ago

      You can totally host something on carrier-grade NAT using techniques like NAT hole punching.