SSL for IP when you have a domain name

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: denaligo.com

I ran this command: Entered the IP address from browser

It produced this output: NET::ERR_CERT_COMMON_NAME_INVALID

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I donā€™t know): yes

Iā€™m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if youā€™re using Certbot):using Certbot

1 Like
2

First time user. Didnā€™t really get question in. I believe I understand that Letā€™s Encrypt doesnā€™t allow SSL for IP address entered from browser. I have SSL certificates working for domain name. Iā€™m trying to figure out how to handle security when someone simply enters IP address of my server. Thank you.

1 Like
3

Hello @mwbuchholz

We could have this resolved in record time if more information were provided.
Odds are that whatever server software you are using has a "whateverhost.conf" of sorts that has your public IP (45.33.36.173) where your server/domain name (denaligo.com) should be.
EDIT: Configured correctly your server should redirect your IP to your domain name by default.

1 Like
4

You can handle HTTP://IP.IP.IP.IP/ and redirect that to HTTPS://YOUR.DOMAIN.NAME/
But you won't be able to use LE certs for HTTPS://IP.IP.IP.IP/

1 Like
5

The web server is nginx/1.18.0. I will look at the .conf file.

6

I canā€™t figure out what conf file is incorrect. Itā€™s not nginx.conf and I canā€™t find a denaligo.com.conf file. The server block looks correct.

1 Like
7

Not sure what you are looking for but you can show the entire nginx config (in use) with:
sudo nginx -T

1 Like
8

@rg305, My suggestion is to find the IP 45.33.36.173 in whichever configuration file it lives and modify that to reflect the actual host/domain name. A redirect from IP -> domain name would work but might lead to too many redirects,etcā€¦ Now that I know OP is running nginx, I can actually say Im not familiar with file locations and syntax, etc. :shushing_face:

1 Like
9

It might be /etc/nginx/conf.d/{files}
But the easy ā€œfindā€ for that would be:
sudo nginx -T | grep -i include

[which would show all the inclusions]

2 Likes
10

Thank you. Iā€™ve looked in the includes and I can not find anything where Iā€™m listing an IP address that should be the host_name. I just canā€™t figure out where the ā€œredirectā€ occurs when you enter the external IP address from the browser address.

1 Like
11

So if @rg305 helps you resolve this Iā€™ll buy the beer! I have to step out for a while.

grep -ERi ā€˜45.33.36.173ā€™ /path/to/your/config
More Later.

1 Like
12

The IP is NOT a normally included server name.

If you want to cover that ā€œnameā€, you will have to add it (just like any other name).

1 Like
13

I'll still buy the beer.

1 Like
14

Try creating a new file with something like:

    server { #IP
    listen *:80 default;
        server_name 45.33.36.173;
        location / { 
            return 301 https://your-domain-name-of-choice;
        }#location
    }#server
1 Like
15

No go! I created a new server block exactly as you indicated. I just get the web page error ā€œYour connection is not privateā€¦ā€

I just wanted the IP address, when entered in the browser address, to serve the application the same as the domain name does. I better take a breakā€¦ Thanks for the help.

16

Securely (via HTTPS) or insecurely (via HTTP) ? ? ?

1 Like
17

I guess I simply donā€™t understand enough about what Iā€™m doing. I was expecting nginx to redirect https://45.33.36.173 and http://45.33.36.173 to https://denaligo.com and regardless of how someone tries to access my site, it will be through a secure socket.

I created two server blocks, one that you suggested and the original handling my domain name. The domain server block works fine, the other just provides the ā€œyour connection is not privateā€ error message in the browser and doesnā€™t serve up the application.

2 Likes
18

This should be possible:

This will NOT; as it requires the user to first connect to your IP securely (without a valid signed cert):
https://45.33.36.173 to https://denaligo.com

1 Like
19

So, someone should ne be allowed to connect just typing in the IP by itself or with HTTP://?

1 Like
20

Yes, ā€œthe IPā€ alone would default to HTTP://{the.IP}
That should be possible to catch and serve the redirection to HTTPS://{whateverYOUwant}

1 Like