SSL for IP when you have a domain name

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: denaligo.com

I ran this command: Entered the IP address from browser

It produced this output: NET::ERR_CERT_COMMON_NAME_INVALID

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): using Certbot

1 Like

First time user. Didn’t really get question in. I believe I understand that Let’s Encrypt doesn’t allow SSL for IP address entered from browser. I have SSL certificates working for domain name. I’m trying to figure out how to handle security when someone simply enters IP address of my server. Thank you.

1 Like

Hello @mwbuchholz

We could have this resolved in record time if more information were provided.
Odds are that whatever server software you are using has a “whateverhost.conf” of sorts that has your public IP (45.33.36.173) where your server/domain name (denaligo.com) should be.
EDIT: Configured correctly your server should redirect your IP to your domain name by default.

1 Like

You can handle HTTP://IP.IP.IP.IP/ and redirect that to HTTPS://YOUR.DOMAIN.NAME/
But you won’t be able to use LE certs for HTTPS://IP.IP.IP.IP/

1 Like

The web server is nginx/1.18.0. I will look at the .conf file.

I can’t figure out what conf file is incorrect. It’s not nginx.conf and I can’t find a denaligo.com.conf file. The server block looks correct.

1 Like

Not sure what you are looking for but you can show the entire nginx config (in use) with:
sudo nginx -T

1 Like

@rg305, My suggestion is to find the IP 45.33.36.173 in whichever configuration file it lives and modify that to reflect the actual host/domain name. A redirect from IP -> domain name would work but might lead to too many redirects, etc… Now that I know OP is running nginx, I can actually say I’m not familiar with file locations and syntax, etc. :shushing_face:

1 Like

It might be /etc/nginx/conf.d/{files}
But the easy “find” for that would be:
sudo nginx -T | grep -i include

[which would show all the inclusions]

2 Likes

Thank you. I’ve looked in the includes and I can not find anything where I’m listing an IP address that should be the host_name. I just can’t figure out where the “redirect” occurs when you enter the external IP address from the browser address.

1 Like

So if @rg305 helps you resolve this I’ll buy the beer! I have to step out for a while.

grep -ERi '45.33.36.173' /path/to/your/config
More Later.

1 Like

The IP is NOT a normally included server name.

If you want to cover that “name”, you will have to add it (just like any other name).

1 Like

I’ll still buy the beer.

1 Like

Try creating a new file with something like:

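    server { # catch-all for requests made to the bare IP over HTTP
        listen *:80 default_server;  # default_server is the current name of the older "default" parameter
        server_name 45.33.36.173;
        location / {
            # send every plain-HTTP request to the HTTPS site
            return 301 https://your-domain-name-of-choice;
        }
    }

1 Like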

No go! I created a new server block exactly as you indicated. I just get the web page error “Your connection is not private…”

I just wanted the IP address, when entered in the browser address, to serve the application the same as the domain name does. I better take a break… Thanks for the help.

Securely (via HTTPS) or insecurely (via HTTP) ? ? ?

1 Like

I guess I simply don’t understand enough about what I’m doing. I was expecting nginx to redirect https://45.33.36.173 and http://45.33.36.173 to https://denaligo.com and regardless of how someone tries to access my site, it will be through a secure socket.

I created two server blocks, one that you suggested and the original handling my domain name. The domain server block works fine, the other just provides the “your connection is not private” error message in the browser and doesn’t serve up the application.

2 Likes

This should be possible:

This will NOT; as it requires the user to first connect to your IP securely (without a valid signed cert):
https://45.33.36.173 to https://denaligo.com

1 Like

So, someone should ne be allowed to connect just typing in the IP by itself or with HTTP://?

1 Like

Yes, “the IP” alone would default to HTTP://{the.IP}
That should be possible to catch and serve the redirection to HTTPS://{whateverYOUwant}

1 Like
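
The behaviour described in the last few replies, as an added example that is not part of the original thread: a small model of why http://45.33.36.173 can be redirected while https://45.33.36.173 fails with NET::ERR_CERT_COMMON_NAME_INVALID before any redirect is seen. The certificate name list is constructed sample data, the function names are hypothetical, and the model assumes the server answers every plain-HTTP request with the 301 from the server block above.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the certificate carries a DNS name only, as in the thread.
CERT_DNS_NAMES = ["denaligo.com"]
CERT_IP_ADDRS = []                     # no iPAddress entries on the certificate
REDIRECT_TO = "https://denaligo.com/"  # assumed target of the port-80 catch-all


def dns_name_matches(host, pattern):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p


def cert_covers(host, dns_names, ip_addrs):
    """An IP literal is compared with iPAddress entries only, never with DNS names."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return any(dns_name_matches(host, n) for n in dns_names)
    return any(ip == ipaddress.ip_address(a) for a in ip_addrs)


def first_result(url, dns_names=CERT_DNS_NAMES, ip_addrs=CERT_IP_ADDRS):
    """What the browser gets first: a redirect, a page, or a certificate error."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        # The TLS handshake and name check come before any HTTP response,
        # so a 301 configured on the server is never seen on a mismatch.
        if not cert_covers(parts.hostname, dns_names, ip_addrs):
            return "NET::ERR_CERT_COMMON_NAME_INVALID"
        return "200 OK"
    # Plain HTTP: no certificate is involved, the catch-all block answers.
    return "301 -> " + REDIRECT_TO


if __name__ == "__main__":
    for u in ("http://45.33.36.173/", "https://45.33.36.173/", "https://denaligo.com/"):
        print(u, "=>", first_result(u))
```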