SSL for IP when you have a domain name

It is almost doing that now:

curl -Iki 45.33.36.173
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 20 Sep 2020 01:55:36 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://denaligo.com

The http://45.33.36.173 is now being redirected to HTTP://denaligo.com

1 Like

I'm not familiar with what you are showing me. You ran "curl -Iki 45.33.36.173" and it returned the information?

1 Like

But the HTTP is then redirected to HTTPS.
So, (in two steps), it is doing HTTP://IP to HTTP://name to HTTPS://name

Yes, that was to show what http://45.33.36.173 "does"

HTTP/1.1 301 Moved Permanently
Location: http://denaligo.com
1 Like

So, why is nginx not processing http://denaligo.com with LE and then presenting the application? I suppose that should have been my key question all along.

That is a completely separate question and has nothing to do with HTTP://IP

I see:
http://denaligo.com/ redirecting to https://denaligo.com/
http://www.denaligo.com/ redirecting to https://www.denaligo.com/

I also see a valid cert at both HTTPS sites:


What exactly is NOT working?

1 Like

You are correct. If you type http://denaligo.com/, it redirects properly, creates the LE connection and displays the application. If you type http://45.33.36.173/, you get a browser error.

http://45.33.36.173/ should redirect to http://denaligo.com
as shown by:

curl -Iki http://45.33.36.173/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 20 Sep 2020 02:39:17 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://denaligo.com
1 Like

I don't get that error, try from another location.
OR
clear your browser cache

1 Like

What happens when you try each of those from your browser?

I'm sure I could be more embarrassed… Thanks for spending so much time on this. I believe the problem was solved back when you recommended I create the new server block.

2 Likes

All's well that ends well.
Cheers from Miami :beers:

@Rip Time for that beer!

2 Likes

Hi @mwbuchholz

You can and you should completely ignore that problem.

First, every user / browser / bot connects to your raw IP.

Connecting to https://denaligo.com/ is impossible. In reality:

  • A- or AAAA-query of denaligo.com, result 45.33.36.173
  • Then the browser connects to that IP, https://45.33.36.173/
  • Then the browser sends a GET command
GET / HTTP/1.1
Host: denaligo.com

Nearly the same, one step earlier, the SSL connection is created.

So if the browser connects to the IP, the Host header is empty or has the IP address. So the SSL handshake can't find the correct certificate (or can find one if there is a certificate with the IP address). If there is nothing, the standard SSL certificate is sent back.

Conclusion: If your raw IP is connected to, it's a

  • bot or tool, that tests something -> ignore it
  • user, who checks something -> ignore it too.
1 Like
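
The plain-HTTP part of the sequence above, as an added example that is not part of the original thread: every request reaches the same IP and port, and only the Host header decides which redirect comes back. The handler is a constructed stand-in for the nginx server blocks (which are not shown on this page); the loopback address, ephemeral port and path handling are assumptions.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

CANONICAL = "denaligo.com"                    # name taken from the thread
NAMES = {CANONICAL, "www." + CANONICAL}

class VhostHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for name-based virtual hosting on one IP."""

    def do_GET(self):
        # Routing key is the Host header, never the address that was dialled.
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        if host in NAMES:
            # Known name: upgrade to HTTPS on that same name.
            location = "https://" + host + self.path
        else:
            # Raw IP, empty or unknown Host: redirect to a fixed name.
            # The client-supplied Host is never echoed into Location.
            location = "http://" + CANONICAL + self.path
        self.send_response(301)
        self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_HEAD = do_GET                          # curl -I sends HEAD

    def log_message(self, *args):             # keep the demo quiet
        pass

def probe(host_header):
    """Connect to the IP, send the given Host header, return (status, Location)."""
    server = HTTPServer(("127.0.0.1", 0), VhostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", server.server_address[1], timeout=5)
        conn.request("GET", "/", headers={"Host": host_header})
        resp = conn.getresponse()
        resp.read()
        conn.close()
        return resp.status, resp.getheader("Location")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for h in ("127.0.0.1", CANONICAL, "www." + CANONICAL, "unknown.example"):
        print(h, "->", probe(h))
```

The first probe corresponds to the `curl -Iki 45.33.36.173` output in the thread, and following its Location with the name as Host gives the second hop to HTTPS.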
