Can you forward me to some page where i can read more about this as well as how to protect myself?
Thank you once again.
1 Like
Nobody (ok, Cloudflare and Google have some) has certificates with ip addresses.
Query the ip address of this forum or from Letsencrypt, use the ip address in your browser - you see the same.
Don't use ip addresses in browsers. If you do, you should know what you are doing.
PS: But it's helpful to check the ip to see, if the domain works without SNI. That's the reason I've added an ip check in my tool.
1 Like
Simply... no, you should not. You can only get a LE certificate for a publicly reachable domain name. LE certificates are not available for IP addresses.
1 Like
Because there is no certificate for that "name" (the IP).
And using an IP in a certificate is not a very good way to secure a server connection.
Your server already has certs.
You could use one of them instead in your "control connection".
Something more like:
https://prominenthair.hr/phpmyadmin
Or even better yet:
https://prominenthair.hr/anything-else-not-phpmyadmin
Like (nothing used before):
https://prominenthair.hr/HowToAdmin
https://prominenthair.hr/AdminForME
https://prominenthair.hr/XYZ12345
You should also require authenticated access (if not already doing that).
And you might want to also restrict the access to that ADMIN folder/URL to a specific IP or set of IPs/network(s).
[if you know your source IP(s) and can work with limiting yourself to just those few IPs or networks]
That would change your current access FROM:
An IP everyone on the Internet can reach.
A URL path that extremely common and access to it is in every script kiddie's arsenal.
And an insecure certificate that can be easily spoofed.
TO:
Still an IP everyone on the Internet can (try to) reach. [But leads to nothing]
A URL path that can't easily be guessed [and isn't in anyone's attack scripts]
And a certificate that is trusted and can't be spoofed.
Hopefully this all was worth the read and you've learned something along the way 
If you need any help implementing anything I've mentioned above, you can easily search the web for clues and ideas or just shoot me message.
2 Likes
Not even 1/3 the way through these posts and I realized you were giving @morlovac an "education." I believe Mario's learned a lot. 
1 Like
Thanks a lot people, especially to rg305 and thank you for your patience.
@JimmPas Yes, a proper education 
and yes, I’ve learned a lot
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.