@johnpoz said in SSL Certificates for Local IP address:
Does that method also allow for rfc1918 IP san entries? Or for a use of domain that is not valid on the public via tld, like local.lan, or single label domains that many users are found of
No, it can't have IP address SANs and must have a valid domain that exists in public DNS. The hostname doesn't need to be public, but the domain has to be registered/have name servers.
If so will have to play with this. But then again not too many switches and other devices have support for ACME that I have seen. Sot he local CA still has multiple advantages IMO.
Yeah, for that kind of thing it could be a PITA to constantly update them with the ACME cert since it wouldn't be automated. Local CA does win out in that scenario.