Comment by crote 2 days ago

> IP address certs sound like a security nightmare that could be subverted by BGP hijacking.

The attack scenario is exactly the same as hostname certificates, which are often validated by HTTP or TLS ACME challenges.

> Does accessing the ACME challenge from multiple endpoints adequately prevent this type of attack?

Yes. You'd essentially have to MitM all traffic towards the IP for it to work, and with more and more networks rolling out BGP origin validation a global BGP hijack becomes harder and harder to pull off.

You'd still be in trouble if you expect your own ISP to be hostile, of course. Don't single-home with an ISP you don't trust, or stick with domain name certs and force DNS challenges.

hedora 2 days ago

Given this weakness in ACME, I don't understand why cloud providers don't provide transparent 443 proxying by default. I guess it's security theater.