How to get an SSL certificate for my Flask server without a domain name?

My domain is: I don’t have one, I have only an IP address and port number

I ran this command: sudo certbot --nginx -d 165.227.78.120:5000/ -d 165.227.78.120:5000/

It produced this output: Error creating new order :: Cannot issue for “165.227.78.120”: The ACME server can not issue a certificate for an IP address

My web server is (include version): Nginx 1.14.0

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

I looked around on Let’s Encrypt, I found a page saying, “Unfortunately Let’s Encrypt doesn’t issue certificates for bare IP addresses, only domain names”. That is in line with the error message. So my question is, what can I do to get an SSL certificate for my Flask server, which runs using WSGI and has no domain name?

Hi @plutownium,

Do you intend for your server to be accessed by the general public, or only by you?

If you want it to be accessed by the general public via TLS, you’ll need to get a domain name, or pay a commercial CA that issues certificates for IP addresses, or wait a few months (?) for Let’s Encrypt to introduce that service.

If you just want to use it yourself, you can create a self-signed certificate, or create your own personal CA, and then tell your browser and/or other clients to accept the relevant certificate (because you know it’s correct since you created it yourself, and you run the service on the other end).

1 Like
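
An added example, not part of the original replies: the personal-CA option described in the reply above, done with the openssl CLI so the server certificate carries the IP address as a subjectAltName. The function names, file names and CA name are assumptions made for this sketch; the IP in the usage line is the one from the question.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): a personal CA that issues a server
# certificate whose subjectAltName is an IP address. Requires openssl.
# Usage: make_ip_cert 165.227.78.120 ./pki && check_ip_cert 165.227.78.120 ./pki
set -eu

# Create CA and server key/cert for IP $1 in directory $2 (hypothetical layout).
make_ip_cert() {
  ip="$1"; dir="$2"
  mkdir -p "$dir"
  # Own config so the result does not depend on the system openssl.cnf.
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Personal Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # 1. CA key and self-signed CA certificate (ca.crt is what clients import).
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # 2. Server key and certificate signing request.
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$ip" \
    -config "$dir/ca.cnf" -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  # 3. Clients match the address against an IP-type SAN, not the CN.
  printf 'subjectAltName=IP:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
    "$ip" > "$dir/server.ext"
  # 4. Sign the CSR with the CA, attaching the extensions from step 3.
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 90 -sha256 -extfile "$dir/server.ext" \
    -out "$dir/server.crt" 2>/dev/null
  chmod 600 "$dir/ca.key" "$dir/server.key"
}

# Succeeds only if server.crt chains to ca.crt and is valid for IP $1.
check_ip_cert() {
  ip="$1"; dir="$2"
  openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" 2>&1 | grep -q ': OK$' &&
    openssl x509 -in "$dir/server.crt" -noout -checkip "$ip" | grep -q 'does match'
}
```

Only `ca.crt` is handed to clients; `ca.key` stays offline, since anyone holding it can issue certificates those clients will trust.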

The server will be accessed by the general public.

Ok, thanks for your reply, I’ll get a domain name for the server.

When you do, and for anyone else reading, you can’t specify a port when requesting a cert from LE.
[There is no -d name:port supported option].

2 Likes

... and this is because a cert is valid for all TLS services on all ports. You only need to validate on port 80 or 443, then you can use the cert wherever.

1 Like
