Trying to get localhost a valid certificate


#1

Please fill out the fields below so we can help you better.

My domain is: (I do not have one)

I ran this command: sudo certbot --apache

It produced this output: Failed authorization procedure. localhost.localdomain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 209.126.123.11:443 for TLS-SNI-01 challenge

My operating system is (include version): Ubuntu 16.10

My web server is (include version): Apache2 + Tomcat 8

My hosting provider, if applicable, is: I do not have one. Use Google Fiber 1000 for ISP.

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

I want to convert my web server, running on localhost and accessed via ssh on my Android, to HTTPS. Unfortunately, it does not appear possible to do this without a domain name? I want to get around the constant prompts that the Connection is not secure by using a valid certificate, but do not know how to get a valid certificate without a domain, and I do not wish to pay for a super expensive Internet package if I’m the only one who will ever use my website.


#2

Publicly-trusted CAs are not permitted to issue certificates for internal names like localhost or reserved IP addresses like 127.0.0.1. Your options are basically:

  • Generate a self-signed certificate (and/or a root certificate) with e.g. openssl and deploy it on your devices. AFAIK this still works for Chrome on Android (don’t quote me on this, I haven’t tried in a while :smile:), but might not be accepted by other apps starting with Android 7. For instructions on how to do this, see the “Work with CA certificates (trusted credentials)” section here.
  • Obtain a real (public) domain name. This could be a free domain from e.g. a dynamic DNS provider or a cheap domain from your registrar of choice.
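
The first option in the reply above, sketched as an added example that is not part of the original post: a private root certificate plus a server certificate for localhost signed by it, generated with openssl. The file names, subject names and validity periods are assumptions chosen for illustration.

```shell
# Added example; file names, subject names and lifetimes are assumptions.
make_local_ca_and_cert() {
    ca_dir="$1"
    mkdir -p "$ca_dir" || return 1

    # Explicit config files so the result does not depend on the system openssl.cnf.
    cat > "$ca_dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Local Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    cat > "$ca_dir/leaf.ext" <<'EOF'
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:localhost, IP:127.0.0.1
EOF

    # 1. Root key and self-signed root certificate. Only rootCA.crt is copied
    #    to client devices; rootCA.key stays on this machine.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$ca_dir/ca.cnf" \
        -keyout "$ca_dir/rootCA.key" -out "$ca_dir/rootCA.crt" 2>/dev/null || return 1

    # 2. Server key and certificate signing request for localhost.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$ca_dir/ca.cnf" -subj "/CN=localhost" \
        -keyout "$ca_dir/localhost.key" -out "$ca_dir/localhost.csr" 2>/dev/null || return 1

    # 3. Sign the request with the root. Clients match the name against
    #    subjectAltName, so the SAN entries in leaf.ext are what matter.
    openssl x509 -req -in "$ca_dir/localhost.csr" -sha256 -days 365 \
        -CA "$ca_dir/rootCA.crt" -CAkey "$ca_dir/rootCA.key" -CAcreateserial \
        -extfile "$ca_dir/leaf.ext" -out "$ca_dir/localhost.crt" 2>/dev/null || return 1

    chmod 600 "$ca_dir/rootCA.key" "$ca_dir/localhost.key"

    # 4. Check that the chain and the hostname validate the way a client would.
    openssl verify -CAfile "$ca_dir/rootCA.crt" -verify_hostname localhost \
        "$ca_dir/localhost.crt" >/dev/null
}
```

Apache's `SSLCertificateFile` and `SSLCertificateKeyFile` would then point at `localhost.crt` and `localhost.key`, and `rootCA.crt` is the file to install as a trusted credential on the device.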

#3

You can also pay for a certificate from a paid CA that is willing to issue for IP addresses, if the IP address is a public address and not an internal LAN address. That’s not necessarily the cheapest option, though!


#4

There are even free domain providers without the dynamic DNS part (no need for the client side applications and that sort of stuff). Just Google for “free domain name” and you’ll find quite a lot, obviously not every site as useful as others. Dot.tk is quite a known site.

