Cetbot certonly -standalone does like redirected doamin to ip addr

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: pjames.us

I ran this command:sudo certbot certonly --standalone --preferedchallenges http -d pjames.us

It produced this output: Invalid host inredirect target “108.31.152.19”. Only domain names are supported not ip addresses

My web server is (include version): custom code

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: me

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.5.0

1 Like

ps. domain is being redirected by godaddy dns

1 Like

Hi @robogrow

you have to remove that redirect.

But if your domain name points to GoDaddy and uses that redirect, that can’t work.

Your domain name must have the ip address where you run your Certbot standalone.

2 Likes

I was hoping I could create and/or change DNS records and make it work. I have custom software servers and can’t host them on Godaddy.

Is there an LE alternative to certbot to get free certs and still redirect domain. Or am I stuck buying one or more certs from Godaddy?

Seems this would be fairly common.

1 Like

That shouldn’t be a problem.

You dns config - https://check-your-website.server-daten.de/?q=pjames.us

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
pjames.us A 184.168.131.241 Scottsdale/Arizona/United States (US) - GoDaddy.com, LLC Hostname: ip-184-168-131-241.ip.secureserver.net yes 2 0
AAAA yes
www.pjames.us CNAME pjames.us yes 1 0
A 184.168.131.241 Scottsdale/Arizona/United States (US) - GoDaddy.com, LLC Hostname: ip-184-168-131-241.ip.secureserver.net yes

Change the A record to your ip 108.31.152.19.

There is no “step between” required.

Then you can run Certbot on 108.31.152.19.

2 Likes

:wave: @robogrow

One thing that might be worth noting here is that the error you’re receiving about the invalid redirect target is coming from the backend Let’s Encrypt CA software and not Certbot. You’ll have to fix the redirect per @JuergenAuer’s advice, another ACME client will fail the same way with a bare IP address redirect.

Hope that helps!

1 Like

I did this already.

No just trying to figure out which certificate to use in fullchain.pem file.

Got site running now, but somehow it seems I generated a signed not a CA certificate.

Try pjames.us

is there a something I am missing?

Use your domain name + https directly.

https://pjames.us/

Perhaps clear your cache. First, my browser had a cached redirect http -> https + ip.

Got cert working at pjames.us but appears to be signed not CA trusted. getting security warnings when going to websote

Also, looking for help getting a group video chat work (want to give it away free) got it running locally but needs tls/ssl to work on internet. see ncreepy.com

Unlike Zoom and other video conference software it is end to end encrypted using webrtc. Not clear how many total streams can work in a browser at once. I’ve only tried three. Works on my local net, but needs tls/ssl to work on external internet. Sever meant to run on personal computers with no central accounts or directories. Still using external STUN sever but goal is to put STUN server on personal computer so there will be no outside traffic other then the initial signaling server that sets up the browser connections.

Given COVID the world needs a free safe, private and secure video chat.

Sorry for bother everyone. Found problem https:pjames works fine. pjames.us redirect bad.

I was using a redirect to an ip address in 00-default.conf. Problem fix. Now, I am getting security error hen trying to open websocket. I need to figure out how to make websocks ssl secure.