Do I Need a Separate IP Certificate? I've been told by my webhost that for letsencrypt to work I need to purchase a separate IP certificate

SillyOldSod11 · June 14, 2018, 1:46pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: http://sillyoldsod.com

I ran this command:

It produced this output:

My web server is (include version):?

The operating system my web server runs on is (include version):?

My hosting provider, if applicable, is: Awardspace.com

I can login to a root shell on my machine (yes or no, or I don’t know):I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):CP1

stevenzhu · June 14, 2018, 3:16pm

Hi,

I think the IP certificate you mentioned is actually dedicated IP…

In short, no you don’t need an IP certificate…
You could use an dedicated IP to avoid some older clients who don’t support SNI (server name indication) and that’s mainly all the difference between dedicated IP & shared.

Thank you

schoen · June 14, 2018, 4:37pm

We can’t control your host’s policies or interpretations, but I agree with @stevenzhu. It sounds like your host has either misunderstood or misstated something (perhaps an issue about SNI and old browsers), or else simply wants to charge you extra to allow you to use Let’s Encrypt certificates.

SillyOldSod11 · June 14, 2018, 10:13pm

Thank you. I have purchased a dedicated IP.

SillyOldSod11 · June 14, 2018, 10:14pm

It now looks like I’m getting Not Secure messages in my browser. The host says give it 24 hours, but I’m not happy about it.

schoen · June 14, 2018, 10:22pm

It looks to me like the host didn't look closely.

The problem is that https://www.sillyoldsod.com/ (which has a working certificate) redirects all connections to https://sillyoldsod.com/. The certificate presented only covers www.sillyoldsod.com, not the base domain name sillyoldsod.com. The certificate should most likely be reissued to cover both names.

A separate certificate for the base name sillyoldsod.com (by itself) was issued yesterday

but doesn't seem to be in use on the site at all.

SillyOldSod11 · June 14, 2018, 10:24pm

Thank you. I’m not very good at these things, but I fully understand what you’re saying. Thanks again for the help.

system · July 14, 2018, 10:24pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.