2

I have several services running on a local server that I would like to work over HTTPS. The problem is that self-signed certificates will always give a warning, if I am not mistaken, so it's not really an option for practical reasons.

I do have a shared hosting service with a domain and subdomains, and could even get a dedicated domain for this if needed. I got a Let's Encrypt certificate from the host, but when using it locally it gives a warning because the local IP is not part of the certificate. The host does not support adding a non-hosted IP to the cert, so that's no good.

Currently I am running a script on a local machine that contacts the remote server, which saves the IP address, so when a particular page is accessed it reads the IP and redirects. This works but is no good for SSL. Is there a way to point a domain to a dynamic IP via a script on the server, like DDNS services perhaps? In cPanel I can only point it to a static IP value.

What are some solutions to get SSL for local and forwarded external IPs running on a local machine with no warnings?

Example: Test service/site running on a home internet connection.

Local IP 192.168.0.10

External IP 85.24.69.2 (forwarded and accessible from the internet, dynamic IP)

This service should be accessible via HTTPS both from the internet and locally. Local access (no internet required) could be worked around with a hosts file if no other solution exists. The address used to access it can be an IP or a domain.

DominicM
  • 251

2 Answers

3

The steps to fix this are quite simple:

  1. Buy a domain for your local environment
  2. Create an A record on that domain, pointing to your external IP.
  3. In your local DNS server (be it a consumer router or such) configure a DNS-zone for the same domain, pointing to your Internal IP (192.168.0.10).
  4. Install certbot-auto (and follow the instructions from https://letsencrypt.org/getting-started/)
  5. You should be ready to go, with a proper valid secure connection.

You can't use an LE certificate for IP addresses. And you are not supposed to do that for anything, really. As others have pointed out in comments, the certificates are not bound to IP addresses, but domain names.

0

Assuming you are accessing these services with a web browser, the certificate only cares about the hostname in the request. If you are accessing the service locally, on your LAN, add a host record to DNS.

192.168.0.10 www.example.com

Update your external DNS to point to your public IP.

85.24.69.2 www.example.com

Jeff W.
  • 511
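
The point both answers rely on, that validation compares the name typed into the browser with the names in the certificate and ignores which IP DNS returned, shown as an added example (not code from either answer). It is a simplified matcher rather than a browser's full validation; the SAN list and the two resolver views are constructed samples using the addresses from the question.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, hostname):
    """Compare one dNSName SAN entry with the requested hostname (case-insensitive).
    A '*' is honoured only as the entire leftmost label and covers exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:] and h[0] != ""
    return p == h

def cert_valid_for(requested, dns_sans, ip_sans=()):
    """True if the name or IP typed into the browser is covered by the certificate."""
    if _is_ip(requested):
        # An IP literal is checked only against iPAddress SAN entries, never dNSName ones.
        want = ipaddress.ip_address(requested)
        return any(ipaddress.ip_address(i) == want for i in ip_sans)
    return any(dns_name_matches(s, requested) for s in dns_sans)

# Constructed sample: a certificate issued for the DNS name only.
CERT_DNS_SANS = ["www.example.com"]

# Constructed split-horizon view: same name, different answer per resolver.
RESOLVERS = {"lan": {"www.example.com": "192.168.0.10"},
             "internet": {"www.example.com": "85.24.69.2"}}

def check_all():
    results = {}
    for view, zone in RESOLVERS.items():
        for name, ip in zone.items():
            results[(view, "by-name")] = cert_valid_for(name, CERT_DNS_SANS)
            results[(view, "by-ip")] = cert_valid_for(ip, CERT_DNS_SANS)
    return results

if __name__ == "__main__":
    for key, ok in check_all().items():
        print(key, "OK" if ok else "certificate warning")
```

Access by name passes from both the LAN and the internet view, while access by either IP address fails against this certificate, which is the warning described in the question.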