Ssl certificate for private ip address


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: IP

I ran this command:sudo certbot -a dns-plugin -i apache -d “IP” -d IP --server https://acme-v02.api.letsencrypt.org/directory

It produced this output:

> Requested name IP is an IP address. The Let’s Encrypt certificate authority will not issue certificates for a bare IP address.

My web server is (include version):Apache

The operating system my web server runs on is (include version): centos

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#2

Then you can’t get a certificate. Let’s Encrypt doesn’t issue certs for IP addresses (like the error message you quoted says), and no CA will issue certs for private IP addresses.


#3

You could however register a free domain name with a service known to have an API compatible with one of the DNS plugins of certbot and get a certificate for that hostname. If you’d use a DNS plugin it doesn’t matter if the hostname points to a private IP address.


#4

Hi,

I have tried with hostname(localhost.localdomain) also, am getting **

The request message was malformed :: Error creating new authz :: Name does not end in a public suffix

**

$ sudo -H ./letsencrypt-auto certonly --standalone -d localhost.localdomain.com -d www.localhost.localdomain.com

It produced this output:

Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for localdomain.com
http-01 challenge for www.localdoamin.com
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.


#5

Hi @spandanatv,

Regarding localhost.localdomain, it is not a valid domain so you can’t issue a certificate for this domain.

Regardinglocalhost.localdomain.com, it is a valid domain but you don’t own it so you can’t issue a certificate for it.

Regarding the error Problem binding to port 80: Could not bind to IPv4 or IPv6. you are using the letsencrypt in standalone and that means that letsencrypt tries to start a mini web server but the ports 80 and 443 are in use, I suppose that your web server is using them.

Solution: as suggested above, get a real domain.

Cheers,
sahsanu


#6

To be more precise: Let’s Encrypt will only certify publically available hostnames, as in, hostnames which anyone on the internet could resolve. Therefore, “fake” hostnames won’t be valid.


#7

If you want a certificate for internal development use only, maybe you could use a self-signed certificate instead of a certificate from a public CA?


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.