{"id":5150,"date":"2026-01-19T19:36:54","date_gmt":"2026-01-19T10:36:54","guid":{"rendered":"https:\/\/matoken.org\/blog\/?p=5150"},"modified":"2026-01-19T19:36:56","modified_gmt":"2026-01-19T10:36:56","slug":"lets-encrypts-short-term-certificates-and-ip-address-certificates","status":"publish","type":"post","link":"https:\/\/matoken.org\/blog\/2026\/01\/19\/lets-encrypts-short-term-certificates-and-ip-address-certificates\/","title":{"rendered":"Let&#8217;s Encrypt \u306e\u77ed\u671f\u8a3c\u660e\u66f8\u3068IP\u8a3c\u660e\u66f8\u3092\u5c11\u3057\u8a66\u3059"},"content":{"rendered":"<div id=\"preamble\">\n<div class=\"sectionbody\">\n<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"48\" height=\"48\" viewBox=\"0 0 32 32\"><path fill=\"currentColor\" d=\"M24.26 32H7.739a1.28 1.28 0 0 1-1.281-1.281V18.495c0-.708.573-1.286 1.281-1.286h1.552v-1.974c0-3.698 3.01-6.708 6.708-6.708s6.708 3.01 6.708 6.708v1.974h1.552c.708 0 1.281.578 1.281 1.286v12.224A1.28 1.28 0 0 1 24.259 32zm-7.421-6.76c1.521-.859.911-3.182-.839-3.182c-1.745.005-2.354 2.318-.839 3.182v1.656c0 1.115 1.677 1.115 1.677 0zm-3.698-8.032h5.724v-1.974c0-1.578-1.286-2.859-2.865-2.859s-2.859 1.281-2.859 2.859zm-7.078-1.817H2.079c-.651 0-1.172-.526-1.172-1.172s.521-1.172 1.172-1.172h3.984c.646 0 1.172.526 1.172 1.172s-.526 1.172-1.172 1.172M8.87 9.12a1.14 1.14 0 0 1-.74-.271L4.974 6.255a1.166 1.166 0 0 1-.156-1.646a1.166 1.166 0 0 1 1.646-.161L9.62 7.042c.849.698.349 2.078-.75 2.073zM16 6.359a1.174 1.174 0 0 1-1.172-1.172V1.171c0-.646.526-1.172 1.172-1.172s1.172.526 1.172 1.172v4.016c0 .646-.526 1.172-1.172 1.172m7.13 2.761c-1.104 0-1.599-1.38-.75-2.078l3.156-2.594c1.208-.99 2.693.818 1.49 1.813L23.87 8.855a1.16 1.16 0 0 1-.74.266zm6.792 6.271h-4.021c-.651 0-1.172-.526-1.172-1.172s.521-1.172 1.172-1.172h4.021c.651 0 1.172.526 1.172 1.172s-.521 1.172-1.172 1.172\"\/><\/svg><!-- cib:lets-encrypt --><\/p>\n<div class=\"paragraph\">\n<p>\u7121\u6599\u3067\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3067\u304d\u308bLet&#8217;s Encrypt \u3067\u77ed\u671f\u8a3c\u660e\u66f8\u3068 IP \u30a2\u30c9\u30ec\u30b9\u8a3c\u660e\u66f8\u306e\u4e00\u822c\u63d0\u4f9b\u304c\u958b\u59cb\u3055\u308c\u307e\u3057\u305f\uff0e<\/p>\n<\/div>\n<div class=\"quoteblock\">\n<blockquote>\n<div class=\"paragraph\">\n<p>Short-lived and IP address certificates are now generally available from Let\u2019s Encrypt. These certificates are valid for 160 hours, just over six days. In order to get a short-lived certificate subscribers simply need to select the \u2018shortlived\u2019 certificate profile in their ACME client.<\/p>\n<\/div>\n<\/blockquote>\n<div class=\"attribution\">\n&#8212; <a href=\"https:\/\/letsencrypt.org\/2026\/01\/15\/6day-and-ip-general-availability\">6-day and IP Address Certificates are Generally Available &#8211; Let&apos;s Encrypt<\/a>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>\u8208\u5473\u304c\u3042\u308b\u306e\u3067\u5c11\u3057\u8a66\u3057\u3066\u307f\u307e\u3057\u305f\uff0e<\/p>\n<\/div>\n<p><!--more--><\/p>\n<div class=\"paragraph\">\n<p>certbot \u30b3\u30de\u30f3\u30c9\u3067\u8a66\u305d\u3046\u3068\u601d\u3063\u305f\u306e\u3067\u3059\u304c\uff0cDebian package\u7248\u306ecertbot \u306funstable \u3067\u30824.0.0 \u3067\u5bfe\u5fdc\u3057\u3066\u3044\u307e\u305b\u3093\uff0e<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre>$ certbot --ip-address\nusage:\n  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...\n\nCertbot can obtain and install HTTPS\/TLS\/SSL certificates.  By default,\nit will attempt to use a webserver both for obtaining and installing the\ncertificate.\ncertbot: error: unrecognized arguments: --ip-address\n$ certbot --version\ncertbot 4.0.0\n$ rmadison certbot\ncertbot    | 1.12.0-2      | oldoldstable | all\ncertbot    | 2.1.0-4       | oldstable    | all\ncertbot    | 4.0.0-2       | stable       | all\ncertbot    | 4.0.0-2       | testing      | all\ncertbot    | 4.0.0-2       | unstable     | all<\/pre>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>2\u65e5\u524d\u306e 58724f6 \u3067Commit \u3055\u308c\u3066\u3044\u308b\u3088\u3046\u3067\u3059\uff0e<\/p>\n<\/div>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"https:\/\/github.com\/certbot\/certbot\/commit\/58724f68ec46c57dd3c3c8ed4ae686c2d7ad893b\">Add CLI flag &#8211;ip-address (#10495) \u00b7 certbot\/certbot@58724f6<\/a><\/p>\n<\/li>\n<\/ul>\n<\/div>\n<div class=\"paragraph\">\n<p>\u3068\u3044\u3046\u3053\u3068\u3067Developer Guide \u3092\u898b\u306a\u304c\u3089source \u304b\u3089\u5c0e\u5165\u3057\u3066\u8a66\u3057\u307e\u3057\u305f\uff0e<\/p>\n<\/div>\n<div class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"https:\/\/eff-certbot.readthedocs.io\/en\/stable\/contributing.html\">Developer Guide \u2014 Certbot 5.2.2 documentation<\/a><\/p>\n<\/li>\n<\/ul>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"title\">certbot \u3092source \u304b\u3089build<\/div>\n<div class=\"content\">\n<pre>$ sudo apt install python3-dev python3-venv libaugeas-dev gcc <b class=\"conum\">(1)<\/b>\n$ git clone https:\/\/github.com\/certbot\/certbot <b class=\"conum\">(2)<\/b>\n$ cd certbot\n$ git log --pretty=oneline -1\n58724f68ec46c57dd3c3c8ed4ae686c2d7ad893b (HEAD -&gt; 58724f6) Add CLI flag --ip-address (#10495)\n$ python3 tools\/venv.py <b class=\"conum\">(3)<\/b>\n$ source venv\/bin\/activate <b class=\"conum\">(4)<\/b>\n$ which certbot\n\/home\/matoken\/src\/certbot\/venv\/bin\/certbot\n$ certbot --version\ncertbot 5.3.0.dev0<\/pre>\n<\/div>\n<\/div>\n<div class=\"colist arabic\">\n<ol>\n<li>\n<p>\u4f9d\u5b58\u30d1\u30c3\u30b1\u30fc\u30b8\u5c0e\u5165<\/p>\n<\/li>\n<li>\n<p>source \u5165\u624b<\/p>\n<\/li>\n<li>\n<p>build<\/p>\n<\/li>\n<li>\n<p>certbot\u74b0\u5883\u306b\u5165\u308b<\/p>\n<\/li>\n<\/ol>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"title\">\u4eca\u56de\u4f7f\u3046\u30aa\u30d7\u30b7\u30e7\u30f3\u306ehelp<\/div>\n<div class=\"content\">\n<pre>$ certbot help all | grep -A2 -- --ip-address\n  --ip-address IP_ADDRESSES\n                        IP addresses to include. For multiple IP addresses you\n                        can use multiple --ip-address flags. All IP addresses\n                        will be included as Subject Alternative Names on the\n                        certificate. (default: [])\n$ certbot help all | grep -A8 -- --preferred-profile\n  --preferred-profile PREFERRED_PROFILE\n                        Request the given profile name from the ACME server,\n                        or fallback to default. If the given profile name\n                        exists in the ACME directory, use it to request a a\n                        certificate. Otherwise, fall back to requesting a\n                        certificate without a profile (which means the CA will\n                        use its default profile). This allows renewals to\n                        succeed even if the CA deprecates and removes a given\n                        profile. (default: None)<\/pre>\n<\/div>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"title\">IP\u30a2\u30c9\u30ec\u30b9\u8a3c\u660e\u66f8\u3092\u53d6\u5f97<\/div>\n<div class=\"content\">\n<pre>$ sudo bash -c \"source venv\/bin\/activate &amp;&amp; certbot certonly --ip-address 84.247.152.162 --preferred-profile shortlived\"<\/pre>\n<\/div>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"title\">\u51fa\u6765\u4e0a\u304c\u3063\u305f\u8a3c\u660e\u66f8\u3092\u78ba\u8a8d<\/div>\n<div class=\"content\">\n<pre>$ sudo cat \/etc\/letsencrypt\/live\/84.247.152.162\/cert.pem | openssl x509 -noout -issuer -subject -dates\nissuer=C=US, O=Let's Encrypt, CN=YE2\nsubject=\nnotBefore=Jan 18 23:06:01 2026 GMT\nnotAfter=Jan 25 15:06:00 2026 GMT\n$ sudo cat \/etc\/letsencrypt\/live\/84.247.152.162\/cert.pem | openssl x509 -noout -text\nCertificate:\n    Data:\n        Version: 3 (0x2)\n        Serial Number:\n            06:e7:4e:65:fe:41:f7:9b:9e:38:12:12:64:13:85:b4:f3:dd\n        Signature Algorithm: ecdsa-with-SHA384\n        Issuer: C=US, O=Let's Encrypt, CN=YE2\n        Validity\n            Not Before: Jan 18 23:06:01 2026 GMT\n            Not After : Jan 25 15:06:00 2026 GMT\n        Subject:\n        Subject Public Key Info:\n            Public Key Algorithm: id-ecPublicKey\n                Public-Key: (256 bit)\n                pub:\n                    04:d9:d9:68:d2:fe:7b:09:0d:c4:97:1e:fc:e4:1e:\n                    65:50:90:cc:63:ec:6a:98:a3:5c:77:b6:d0:33:f5:\n                    4d:8f:ec:38:d5:e8:1d:01:75:fb:d6:93:15:b9:f3:\n                    f8:7e:a4:a9:7b:bf:d7:4d:a3:5e:d0:ca:8f:74:e5:\n                    7a:98:bc:8e:9e\n                ASN1 OID: prime256v1\n                NIST CURVE: P-256\n        X509v3 extensions:\n            X509v3 Key Usage: critical\n                Digital Signature\n            X509v3 Extended Key Usage:\n                TLS Web Server Authentication\n            X509v3 Basic Constraints: critical\n                CA:FALSE\n            X509v3 Authority Key Identifier:\n                B9:59:F2:8E:CF:22:F0:86:D3:37:48:FF:76:14:18:BA:82:D8:55:87\n            Authority Information Access:\n                CA Issuers - URI:http:\/\/ye2.i.lencr.org\/\n            X509v3 Subject Alternative Name: critical\n                IP Address:84.247.152.162\n            X509v3 Certificate Policies:\n                Policy: 2.23.140.1.2.1\n            X509v3 CRL Distribution Points:\n                Full Name:\n                  URI:http:\/\/ye2.c.lencr.org\/94.crl\n\n            CT Precertificate SCTs:\n                Signed Certificate Timestamp:\n                    Version   : v1 (0x0)\n                    Log ID    : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90:\n                                DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21\n                    Timestamp : Jan 19 00:04:31.276 2026 GMT\n                    Extensions: none\n                    Signature : ecdsa-with-SHA256\n                                30:45:02:20:19:47:12:58:F2:D7:9C:08:A5:0D:C0:5B:\n                                F0:E7:DF:73:0F:64:77:B2:39:39:A4:3C:A1:D3:F0:39:\n                                4E:7B:0D:91:02:21:00:87:BA:CE:E6:6E:F6:D3:52:D2:\n                                BC:C4:ED:BE:26:6F:DE:BC:B7:17:5F:B6:47:4A:82:75:\n                                A9:95:56:A0:68:FD:1F\n                Signed Certificate Timestamp:\n                    Version   : v1 (0x0)\n                    Log ID    : E3:23:8D:F2:8D:A2:88:E0:AA:E0:AC:F0:FA:90:C9:85:\n                                F0:B6:BF:F5:D2:A5:27:B0:01:FC:1C:44:58:C4:B6:E8\n                    Timestamp : Jan 19 00:04:31.523 2026 GMT\n                    Extensions: 00:00:05:00:2F:CD:F8:E5\n                    Signature : ecdsa-with-SHA256\n                                30:46:02:21:00:CD:4B:99:89:27:23:A9:B5:4E:68:D9:\n                                A0:59:63:45:F5:8F:6A:5C:1F:C2:39:24:AF:60:E4:25:\n                                FF:E6:53:08:4E:02:21:00:DE:9F:73:AB:35:BC:7D:5D:\n                                E7:7A:CB:DE:A7:25:FE:2E:09:A3:2A:33:6E:3B:E4:4E:\n                                D7:AD:67:B9:02:E5:36:B8\n    Signature Algorithm: ecdsa-with-SHA384\n    Signature Value:\n        30:64:02:30:09:90:c5:7b:2d:7c:21:7e:7a:21:77:3a:2d:8e:\n        cd:a1:4d:d1:5e:08:2f:8c:e7:b9:ad:19:39:33:d7:67:41:76:\n        68:39:26:f5:cf:8e:4d:42:5e:cf:45:69:e2:8a:18:ef:02:30:\n        2b:7f:6c:90:27:d1:e5:b1:dd:a2:2a:cb:20:d4:8c:27:0c:7c:\n        6d:9b:06:c8:52:bd:23:d6:aa:83:61:f5:13:fd:77:55:e9:ab:\n        29:e2:bd:82:84:4d:4f:81:4b:3b:76:8a<\/pre>\n<\/div>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"title\">\u6709\u52b9\u671f\u9650\u306e\u6642\u9593\u3092\u78ba\u8a8d<\/div>\n<div class=\"content\">\n<pre>$ echo $(( $( date +%s --date 'Jan 25 15:06:00 2026 GMT' ) - $( date +%s --date='Jan 18 23:06:01 2026 GMT' ) )) <b class=\"conum\">(1)<\/b>\n575999\n$ echo $((160*60*60)) <b class=\"conum\">(2)<\/b>\n576000<\/pre>\n<\/div>\n<\/div>\n<div class=\"colist arabic\">\n<ol>\n<li>\n<p>notBefore \u3068 notAfter \u306e\u9593\u306e\u79d2\u6570\u3092\u78ba\u8a8d<\/p>\n<\/li>\n<li>\n<p>160\u6642\u9593\u3092\u79d2\u6570\u306b\u5909\u63db<\/p>\n<\/li>\n<\/ol>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"title\">\u74b0\u5883<\/div>\n<div class=\"content\">\n<pre>$ git log --pretty=oneline -1\n58724f68ec46c57dd3c3c8ed4ae686c2d7ad893b (HEAD -&gt; 58724f6) Add CLI flag --ip-address (#10495)\n$ dpkg-query -W python3-dev python3-venv libaugeas-dev gcc\ngcc     4:14.2.0-1\nlibaugeas-dev:amd64     1.14.1-1+b3\npython3-dev     3.13.5-1\npython3-venv    3.13.5-1\n$ lsb_release -dr\nDescription:    Debian GNU\/Linux 13 (trixie)\nRelease:        13\n$ arch\nx86_64<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u7121\u6599\u3067\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3067\u304d\u308bLet&#8217;s Encrypt \u3067\u77ed\u671f\u8a3c\u660e\u66f8\u3068 IP \u30a2\u30c9\u30ec\u30b9\u8a3c\u660e\u66f8\u306e\u4e00\u822c\u63d0\u4f9b\u304c\u958b\u59cb\u3055\u308c\u307e\u3057\u305f\uff0e Short-lived and IP address certificates are n [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"webmentions_disabled_pings":false,"webmentions_disabled":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"federated","footnotes":""},"categories":[7,6,1231],"tags":[324,1262,257],"class_list":["post-5150","post","type-post","status-publish","format-standard","hentry","category-debian-linux","category-linux","category-trixie","tag-certbot","tag-certificates","tag-letsencrypt"],"_links":{"self":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/5150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/comments?post=5150"}],"version-history":[{"count":3,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/5150\/revisions"}],"predecessor-version":[{"id":5153,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/5150\/revisions\/5153"}],"wp:attachment":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/media?parent=5150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/categories?post=5150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/tags?post=5150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}