Add ACME profile support for IP address certificates by nekohasekai · Pull Request #3958 · SagerNet/sing-box

nekohasekai · 2026-03-26T07:19:44Z

Summary

Auto-select shortlived ACME profile for Let's Encrypt when domain list contains IP addresses, fixing rejectedIdentifier errors
Expose profile option for manual override (custom CA servers)
Applied to both new certificate provider path and deprecated inline ACME path

Test plan

Configure ACME with an IP address identifier against Let's Encrypt and verify the order succeeds
Configure ACME with domain-only identifiers and verify no profile is set (default behavior unchanged)
Configure ACME with explicit profile field and verify it takes precedence over auto-detection

Auto-select `shortlived` profile for Let's Encrypt when domain list contains IP addresses. Expose `profile` option to allow manual override for custom CA servers.

Replace certmagic with a fork that strips brackets from bare IPv6 addresses in the HTTP Host header, fixing HTTP-01 challenge matching for IPv6 literal address certificates. Fixes #3964

nekohasekai force-pushed the testing branch from ecf194b to fd09582 Compare March 26, 2026 08:49

nekohasekai force-pushed the fix-acme-http-tls-challenge branch 2 times, most recently from 4143800 to 0f39c10 Compare March 29, 2026 06:48

nekohasekai added 6 commits March 30, 2026 23:21

Add MAC and hostname rule items

04c0490

Add Android support for MAC and hostname rule items

45339d1

Add macOS support for MAC and hostname rule items

eeb5dea

documentation: Update descriptions for neighbor rules

77e5103

cronet-go: Update chromium to 145.0.7632.159

47742ab

Refactor ACME support to certificate provider

2132e68

nekohasekai force-pushed the testing branch 2 times, most recently from 300f36d to 11a8666 Compare March 30, 2026 16:37

nekohasekai added 2 commits March 31, 2026 00:38

Add BBR profile and hop interval randomization for Hysteria2

ab323e0

Bump version

ebf8a21

nekohasekai force-pushed the testing branch from 11a8666 to ebf8a21 Compare March 30, 2026 16:38

nekohasekai added 2 commits March 31, 2026 07:45

Add ACME profile support for IP address certificates

ab01d7b

Auto-select `shortlived` profile for Let's Encrypt when domain list contains IP addresses. Expose `profile` option to allow manual override for custom CA servers.

Fix ACME HTTP-01 challenge for IPv6 literal addresses

3d22636

Replace certmagic with a fork that strips brackets from bare IPv6 addresses in the HTTP Host header, fixing HTTP-01 challenge matching for IPv6 literal address certificates. Fixes #3964

nekohasekai force-pushed the fix-acme-http-tls-challenge branch from 0f39c10 to 3d22636 Compare March 30, 2026 23:54

nekohasekai force-pushed the testing branch 3 times, most recently from 484b664 to 25052a2 Compare April 3, 2026 15:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add ACME profile support for IP address certificates#3958

Add ACME profile support for IP address certificates#3958
nekohasekai wants to merge 10 commits intotestingfrom
fix-acme-http-tls-challenge

nekohasekai commented Mar 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

nekohasekai commented Mar 26, 2026

Summary

Test plan

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant