SSL Certificate warning in browser - RHEL 6.9 + Apache - No Domain (Only With IP)

sb82 · September 20, 2017, 6:46am

Hi Team,

We are using RHEL 6.9 and Apache server and have installed certificate with the following commands.

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
$ sudo ./path/to/certbot-auto --apache

Right now we are on UAT environment and have no domain available, only Public IP is available.
After running above command, we are able to open public IP with https, however it shows SSL certificate warning for all browsers.

How can we avoid this warning ? Can it work without domain name ? Am I missing any manual configuration which needs to be done ?

jared.m · September 20, 2017, 7:01am

Let’s Encrypt does not issue certificates for IP addresses. There’s a lot more to consider here, especially since they can change so often (an IP address you control now might not be under your control only an hour later!)

sb82 · September 20, 2017, 7:16am

Thanks for your response. So once we have domain name available, can we just run the same commands on production web server or we have to specify domain name with -d command ?

$sudo certbot --apache -d mydomainname.com -d www.mydomainname.com

We are going to have single website hosted on this server. So let me know, if any manual configuration is required ?

We have network load balancer configured on two web servers. So do we have to run these commands on separately on both servers ?

schoen · September 20, 2017, 6:33pm

Hi @sb82,

Configurations with load balancers can be complicated and depend a lot on the details of your setup and what layer things work at. In this case, it’s important to understand exactly what the components of the system are doing.

When a certificate is issued by Let’s Encrypt, there are three ways to prove your control over the domain name. It might be helpful to read

Notice that two of the methods (TLS-SNI-01 and HTTP-01) make an inbound connection to your server to prove control over the domain name. This connection must ultimately reach the machine that is running Certbot. This can be tricky in the load balancer case. One popular approach which is described in a number of threads on this forum involves setting up HTTP 301 redirects for particular URLs. That is only applicable to the HTTP-01 method, not to the TLS-SNI-01 method.

Then another question is about deploying your certificates after they are issued. It is possible to copy certificates, chains, and private keys from one machine to another. You need a certificate configured on each machine that can terminate inbound TLS connections, but they don’t have to be different certificates. You may also want a strategy for how to automate renewals, and, if you’re somehow copying certificates around, for how to deploy the certificates after each renewal happens.

system · October 20, 2017, 6:33pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot installs cert fine, verified, but still no https in any browser Help	2	420	August 12, 2020
Can't connect to website after installing certbot on apache Help	42	670	December 7, 2023
Certification SSL ,, plz help Help	2	521	July 15, 2022
Attempt two, use certbot to install certificates Help	3	753	March 12, 2020
Cert installed, but can't enable SSL Help	4	424	May 30, 2021

SSL Certificate warning in browser - RHEL 6.9 + Apache - No Domain (Only With IP)

Related topics