Encrypt an accessible hosted web page with an IP address (Flask)

Hi,

I'm create a security camera with a web page to connfigure a camera.
To do that, I'm used Flask and Python.

At begining, the web page use the http. After I used OpenSSL but the problem is the same, the browser don't recognize this certification.

Result, I'm looking for certbot and Let's Encrypt.
So, I'm used this commande : sudo certbot certonly --standalone

But he requests the domain name and when I write the ip and the port of the site web ( 192.168.1.51:8080 ), the result is :

An unexpected error occurred:
Error creating new order :: Cannot issue for "192.168.1.51": The ACME server can not issue a certificate for an IP address
Please see the logfiles in /var/log/letsencrypt for more details.

So how to certified this IP adresse ?

For information :
I'm use Linux (debian / rasbian ), on a raspberry pi 4 and flask to host the web page.

I log in SSH and it's possible for me to use root (sudo).

My "dommain" is 192.168.1.51:8080

The result of "certbot --version" is "certbot 0.31.0"

Thank you in advance for your answers !

3 Likes

Welcome to the Let's Encrypt Community :slightly_smiling_face:

You cannot use HTTP authentication with a private IP address (192.168.1.51), but you can use DNS authentication with a domain name. Furthermore, HTTP authentication requires a public IP address to respond to requests made via port 80, not 8080.

Update: "192.168.1.51:8080" is not a domain name. You cannot (at present) publicly certify a public IP address via Let's Encrypt (and you will never be able to publicly certify a private IP address).

2 Likes

If you don't have a domain name and don't want to oay for it, there are free options available online. Mostly subdomains, but that shouldn't be an issue. Do check if such a domain (for which subdomains are available for users) is listed on the Public Suffix List though!

Note: it might be that it isn't possble to modify the TXT records of the DNS of these free services. So perhaps the DNS-01 challenge is out of the question. Then you'd need to be able to put your actual public IP in the hostname, so you can use the HTTP-01 challenge or you could delegate the DNS service for the hostname to your public IP address.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.