Do I Need a Separate IP Certificate? I've been told by my webhost that for letsencrypt to work I need to purchase a separate IP certificate


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: http://sillyoldsod.com

I ran this command:

It produced this output:

My web server is (include version):?

The operating system my web server runs on is (include version):?

My hosting provider, if applicable, is: Awardspace.com

I can login to a root shell on my machine (yes or no, or I don’t know):I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):CP1


#2

Hi,

I think the IP certificate you mentioned is actually dedicated IP…

In short, no you don’t need an IP certificate…
You could use an dedicated IP to avoid some older clients who don’t support SNI (server name indication) and that’s mainly all the difference between dedicated IP & shared.

Thank you


#3

We can’t control your host’s policies or interpretations, but I agree with @stevenzhu. It sounds like your host has either misunderstood or misstated something (perhaps an issue about SNI and old browsers), or else simply wants to charge you extra to allow you to use Let’s Encrypt certificates.


#4

Thank you. I have purchased a dedicated IP.


#5

It now looks like I’m getting Not Secure messages in my browser. The host says give it 24 hours, but I’m not happy about it.


#6

It looks to me like the host didn’t look closely.

The problem is that https://www.sillyoldsod.com/ (which has a working certificate) redirects all connections to https://sillyoldsod.com/. The certificate presented only covers www.sillyoldsod.com, not the base domain name sillyoldsod.com. The certificate should most likely be reissued to cover both names.

A separate certificate for the base name sillyoldsod.com (by itself) was issued yesterday

https://crt.sh/?Identity=%sillyoldsod.com&iCAID=16418

but doesn’t seem to be in use on the site at all.


#7

Thank you. I’m not very good at these things, but I fully understand what you’re saying. Thanks again for the help.


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.