Subdomain forward to IP address invalidates the cert

I am using GoDaddy to host and also have a Bitnami MEAN server running REST frontend and backend at AAA.BBB.CCC.DDD (two different ports, both with SSL). The Bitnami server is running on an IP address (no domain). I have attempted to utilize a subdomain that is forwarded to the IP address to enable HTTPS/SSL. I have successfully created a certificate for the subdomain ( Unfortunately, i don’t seem to have the magic formula to make a redirect or forward land on the Bitnami server address with the right URL to result in the certificate being accepted. I have tried subdomain creation with redirection in the cPanel for i have tried DNS forwarding with an A record. if someone has done this successful, i’d appreciate any insight you could offer.

Hi @appsbyfivegs,

Let’s Encrypt certificates are valid for a hostname, regardless of what IP address the hostname resolves to. Let’s Encrypt does not issue certificates for IP addresses as a matter of policy. Browsers don’t regard certificates for hostnames as valid when the site is accessed by IP address. If you want to access your site via HTTPS, you should either get or create a hostname for it (and re-issue your certificate with coverage for that name, or create a totally separate certificate covering only that name), and then access it under that hostname instead of by IP address) or create a self-signed certificate and add an exception in your browser to trust the self-signed certificate.

Thanks for the reply. Agree that the cert is for a hostname. I created a cert for the subdomain of my host, which indicates that i had things set-up correctly for HTTP to resolve the subdomain to the IPADDRESS. However, when i try to access the subdomain through HTTPS, i get the page display, but the URL changes to https://IPADDRESS and browser indicates that the cert is invalid… i believe my question is more about how forwarding can be workable for HTTP and letsencrypt but improperly configured for HTTPS to access… trying to understand why it would be different.

Oh, sorry for misunderstanding your question.

Do you know which device is generating the HTTP redirect?

No problem. i wasn’t quite clear. I believe I am getting a DNS forward instead of a HTTP redirect. i configured the GoDaddy DNS control with subdomain forward from to https://IPADDRESS. I can see that an A record was created as a result. I believe this forwards both HTTP and HTTPS to HTTPS://IPADDRESS, and is supposed to be transparent to the client. [i’ll admit that i have tried multiple solutions at this point, so it could be that there is a residual configuration corrupting my observations]. However, right now gets forwarded to https://IPADDRESS (with the cert invalid) and goes nowhere.

Sorry, what you're describing doesn't exist! There is no such thing as a "DNS forward" to a URL. The only Internet technology that can forward to a URL is an HTTP forward. Even if GoDaddy is unclear in their description of the protocol level at which the forwarding is happening, they must be running a web server which is sending an HTTP redirect. The A record for, in turn, must be for GoDaddy's web server and not your server.

To make this stop happening, you should be able to tell GoDaddy to make resolve directly to your IP address.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.