Letsencrypt certificate not working?


#1

Hello! I recently bought a domain and decided to install a Letsencrypt certificate on it on a Digitalocean droplet. I followed the tutorial here and did sudo letsencrypt certonly -a webroot --webroot-path=/var/www/html -d example.com -d www.example.com

I also made it pass through Cloudflare for protection and now when I go to hask.me, it work (with Cloudflare SSL) and when I go to https://serverip I get this (net::ERR_CERT_COMMON_NAME_INVALID). and it doesnt redirect to my domain. but when I use http://serverip , it does redirect to the domain and I dont have any problem.

The thing I would like to fix here is the https://serverip , I also use Nginx

English is my second language sorry about the mistake I made

Thank you!


#2

Without your domain name, it’s difficult to answer.

SSL certificates are only valid for domain names, so I would not expect it to work when using https://serverip (because the IP address used will not match the domain name.

If you are using cloudflare cache - then you will be using the SSL provided by cloudflare, not a Let’s Encrypt certificate.


#3

Yes indeed, please always give your correct domain name, there really is nothing to hide.


#4

I expect the domain name to be hask.me

But anyway, that’s irrelevant: Let’s Encrypt doesn’t support the issuing of certificates for IP addresses, so surfing to https://ip.add.re.ss with a LE cert will always give an error (the ‘hostname’, i.e. IP address can never match anything in thr cett). This isn’t because something is broken, this is “by design”.


#5

This is always true for Let’s Encrypt but not for every other CA: if you decide you really have a need for this, you can likely still get it from some other CA (presumably as a paid product). With SNI that could probably exist alongside a Let’s Encrypt certificate.


#6

It is my domain name

I didnt know about the https + ip, it’s my first website I ever made.

Thanks you.


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.