SSL certificate with Public ip in subject alternative name

Hi, I have a ssl certificate issued by lets encrypt for my domain. That domain is than resolved to public ip address which is turn is port forwarded to my node server running on local machine. My certificate does not contain my public ip address as a result of which my website is not secured. How can i create a ssl certificate with my public ip in the subject alternative name.

You cannot create such a cert using Let's Encrypt. Other CAs may allow this.

5 Likes

But in the ssl certificate that I have at the moment, it shows subject alternative name. Why is it then visible

Of course Let's Encrypt issues certs with Subject Alt Names--but they don't issue certs for IP addresses.

5 Likes

No i dont want ssl certificate solely for ip address. I have a domain name and will get the certificate for it only but i also want to cover my public ip address with the certificate. Something like this
Subject Alternative Names
DNS: my domain name
IP Address: 87 04 67 36 17 9A
IP Address: 87 04 C0 A8 01 AF

What part of "Let's Encrypt doesn't issue certs for IP addresses" is difficult to understand? Because I don't think I can be clearer about this. It doesn't matter whether the IP is the sole identifier on the cert or one of many SANs; Let's Encrypt doesn't issue certs for IP addresses. If you need one (though it's far from clear why you would), you'll need to seek that from a different CA.

5 Likes

What all things can be included in the subject alternative name

In certs LE issues? Only fully-qualified domain names.

6 Likes

If you want a certificate that is issued by a public Certificate Authority, it will have to conform to the CA/B Forum baseline requirements.

That is an inaccurate conclusion. Publicly trusted certificates do not normally include IPs in the SAN.

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.