0

There is a website https://ccie.pl. It prompts "not secure" connection while using site IP address but everything works correctly for domain name. What is the most likely reason for this behavior ? Is it related to NGINX/Apache WebServer configuration or is it problem in configuration of DNS records or perhaps the cause should be looked for somewhere else ?

How could it be fixed from a site administrator point of view ?

Virtual_Lotos
  • 43
  • 5

1 Answers1

4

A certificate is valid for only the subjects it contains. Your certificate contains the DNS name "ccie.pl", but not the IP address "188.68.255.142", so it is invalid for the latter.

To my knowledge, Let's Encrypt will not issue certificates for IP addresses. Not that it is a big deal IMO, as users probably use the domain name anyway (no one likes to remember an IP address, not even an IPv4 one).

If you want to make a certificate valid for the IP address, you'll have to look for a CA who does issue certificates for IPs.

Lacek
  • 6,585
  • 22
  • 28
  • IP addresses are not valid as subjects at all, or is it just the SNI spec that do not allow IPs as hostname? – NiKiZe Nov 29 '21 at 02:35
  • 1
    @NiKiZe: only SNI. X.509/PKIX certs in general can use any IPaddress _or_ domain-format name, although a _public_ CA will issue a cert only for a _public_ name or address, and Lacek is right LE won't do address at all. See https://stackoverflow.com/questions/2043617/is-it-possible-to-have-ssl-certificate-for-ip-address- https://stackoverflow.com/questions/33404386/can-i-get-an-ssl-certificate-for-an-ip-address https://stackoverflow.com/questions/38125490/securing-a-private-ip-address- https://serverfault.com/questions/980071/ipv6-address-in-ssl-certificate – dave_thompson_085 Nov 29 '21 at 06:54