@letsencrypt Hey.

@waldi @winniehell To be fair, the use case "I want to create a cert for a hostname that points to 127.0.0.1" is not that easy, as it requires to be able to have certbot or whatever client to be able to make DNS changes, as authorization over HTTP(S) is oblivious not possible.

One alternative solution would be to have the cert created on a internet host and DNS points to that, but then use that locally and use hosts file to override the IP on DNS with 127.0.0.1.

@wonka @waldi @benbe In the view of the one certificate at crt.sh you could have just clicked on "X509v3 Subject Key Identifier" to get to the list at https://crt.sh/?ski=31b4a0eddb482696ca72ef495f0d1b0e3fbd5386

@wonka @waldi @benbe

The discussion in that project in https://github.com/Upinel/localhost.direct/issues/18 is wild. Such a total lack of understanding the policies. The author - who surely had good intentions - seems to think that the issue was that the key was shared openly and not in a password "protected" ZIP file.

But looks like someone has indeed used the revocation process like 45 minutes ago, it is shown as revoked at 20:31:51 UTC.