Apply for free SSL certificate for IP address - let IP address realize HTTPS encrypted access

Generally speaking, adding an SSL certificate to a domain name using domain name access is a routine operation for building a website, but some applications may not need to use domain name access, or do not want to bind a domain name, but just want to use a simple IP to achieve access. Under the background that the entire network is accessed through HTTPS encryption, is it possible to add an SSL certificate to the IP address to achieve access?

Have. But most IP facing SSL certificates are charged. The free SSL certificate provided by zeroSSL supports pure IP issuance. This article will share the application for zeroSSL free pure IP SSL certificate and how to install and configure zeroSSL free SSL certificate on your own server (pagoda panel or Nginx).

Picture [1]-IP address free application for SSL certificate-enable IP address to achieve HTTPS encrypted access-Rich Magazine

1. ZeroSSL certificate application

website:

  1. https://zerossl.com

1.1 Manual application

Go to the ZeroSSL official website, register an account, and then click Free SSL Certificate Application.

Picture [2]-IP address free application for SSL certificate-enable IP address to achieve HTTPS encrypted access-Rich Magazine

Fill in your IP address and choose the length of the free SSL certificate.

Picture [3]-IP address free application for SSL certificate-enable IP address to achieve HTTPS encrypted access-Rich Magazine

Select Automatically generate CSR.

Picture [4]-IP address free to apply for SSL certificate-enable IP address to achieve HTTPS encrypted access-Rich Magazine

1.2 Verify the domain name

ZeroSSL free SSL certificate provides two methods of domain name verification, the simplest is Web verification, but the premise is that you need to allow your IP address to achieve Web access. If not, you can choose to use domain DNS to add TXT record verification.

Picture [5]-IP address free application for SSL certificate-enable IP address to achieve HTTPS encrypted access-Rich Magazine

If you choose Web access to the website, download the verification file directly, and then upload it to the default Web directory of the IP address. The path is required to remain as follows:

Picture [6]-IP address free application for SSL certificate-enable IP address to achieve HTTPS encrypted access-Rich Magazine

Open the IP with your browser and make sure you can access the verification file.

Picture [7]-IP address free to apply for SSL certificate-enable IP address to achieve HTTPS encrypted access-Rich Magazine

Finally, go back to the ZeroSSL verification page and click Finish verification.

Picture [8]-IP address free application for SSL certificate-enable IP address to achieve HTTPS encrypted access-Rich Magazine

2. ZeroSSL certificate installation

2.1 Download the certificate file

After the ZeroSSL certificate has been successfully verified, you can download the certificate file. ZeroSSL SSL certificates come in many forms, including Nginx, Apache, and more.

Picture [9]-IP address free application for SSL certificate-enable IP address to achieve HTTPS encrypted access-Rich Magazine

Taking Nginx as an example, there are three ZeroSSL certificate files downloaded: ca_bundle.crt and certificate.crt and private key key.

Picture [10]-IP address free to apply for SSL certificate-enable IP address to achieve HTTPS encrypted access-Rich Magazine

2.2 Merge SSL certificates

For Nginx server, you need to merge ca_bundle.crt and certificate.crt by opening certificate.crt and copy-pasting the content of ca_bundle.crt in the back.

Picture [11]-IP address free to apply for SSL certificate-enable IP address to achieve HTTPS encrypted access-Rich Magazine

2.3 Install the SSL certificate

If you are using the pagoda panel, you can directly click to install the SSL certificate in the background, and then upload and save the certificate and key files separately.

Picture [12]-IP address free application for SSL certificate-enable IP address to achieve HTTPS encrypted access-Rich Magazine

If you are using the Oneinstack one-click package and the LNMP one-click installation package, you need to open your Nginx configuration file (not the domain name Nginx configuration file), modify the following format, and be careful to change the path of the SSL certificate to your own:

server
{
listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name _;
index index.html index.htm index.php ; _ _
root /home/wwwroot/default;
ssl_certificate /usr/local/nginx/conf/ssl/ipssl/wzfouip.crt ;
ssl_certificate_key /usr/local/nginx/conf/ssl/ipssl/wzfouip.key ;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 ; _ _ _
ssl_prefer_server_ciphers on;
ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM- SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5" ;
ssl_session_cache builtin: 1000 shared:SSL:10m;
# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem ;
access_log /home/wwwlogs/access.log ;
}

After the certificate is installed, remember to execute: nginx -t to check if there are any syntax errors. If not, restart Nginx directly to complete the SSL certificate installation. Open the IP address and you can see that the IP SSL certificate has been successfully installed.

Picture [13]-IP address free to apply for SSL certificate-enable IP address to achieve HTTPS encrypted access-Rich Magazine
Picture [14]-IP address free application for SSL certificate-enable IP address to achieve HTTPS encrypted access-Rich Magazine

3. Summary

For now, there is no good tool to automatically renew the ZeroSSL free SSL certificate of pure IP for the time being. A developer on Github wrote a tool using golang to achieve the renewal: https://github.com/tinkernels/zerossl-ip -cert , but it is not easy to operate, so the simpler method is to apply for renewal manually.

Oracle crack SSH key problem

 This post will teach you the second method to solve the SSH key problem.

Step 1: Prepare a linux server directly, (any one, this is not difficult for MJJ)
Step 2: Link your own linux server (under root authority), enter the cd/root/ .ssh directory
Step 3 : Execute the ssh -keygen -t rsa command (enter all the way)
Picture [1] - Oracle crack SSH key problem - Rich Magazine
Step 4: Get the key generated just now, execute the command cat id_rsa.pub (if you follow my way to enter)
Picture [2] - Oracle crack SSH key problem - Rich Magazine
Step 5: Go to oralce A workbench is added to the instance details page, and the key is only generated after entering it.
Picture [3] - Oracle crack SSH key problem - Rich Magazine
Once the console connection is active, click "Connect using SSH" and copy the command to linux for execution.
Step 6: Successfully connect to the instance.
Picture [4] - Oracle crack SSH key problem - Rich Magazine
Step 7: Restart the instance.
Picture [5] - Oracle crack SSH key problem - Rich Magazine
Step 8: After rebooting we go back to the linux server and we will see the following echo, select the kernel and click "E" to edit the kernel to run with a bash prompt.
Picture [6] - Oracle crack SSH key problem - Rich Magazine
Step 9: Edit the kernel with rw init=/bin/bash and press ctrl+x, it will land at the bash prompt. As shown below (there is a space before rw)
Picture [7] - Oracle crack SSH key problem - Rich Magazine
Picture [8] - Oracle crack SSH key problem - Rich Magazine
Step 10: Execute the following command and update the new public key generated by PUTTYGEN to authorized_keys
Command 1: /usr/sbin/load_policy -i
Command 2: /bin/mount -o remount, rw/
command 3: cd ~opc/.ssh
command 4: pwd
Picture [9] - Oracle crack SSH key problem - Rich Magazine
Step 11: Copy the new key to the authorized_keys file and save it.
Use the command: vi authorized_keys
Step 12: Change the ownership and permissions of the authorized_keys file and reboot the system.
Picture [10]-Oracle cracking SSH key problem-Rich Magazine
After waiting for the instance to bootstrap, you can use the new private key to connect to the instance.

Customize the display of system status and content in the Windows taskbar

Perfmonbar  is adisplay the system status on the Windows taskbar . It can fully customize all display contents, formats, and colors. It supports Windows 7 to 10 systems , but does not support Windows 11. It is not an out-of-the-box software.

Picture[1]-Customized display of system status and content in the Windows taskbar-Rich Magazine

Perfmonbar

This is a non-out-of-the-box software. Different systems require different configurations. Just edit  %APPDATA%\PerfmonBar the files in the directory  config.xml .

First, you need to get the system status parameters, open a command prompt, and enter:

typeperf -q > counters.txt

Then you get a  counters.txt  file with all the customizable content:

Picture [2]-Customize the display of system status and content in the Windows taskbar-Rich Magazine

Just   add each line in  the counters.txtconfig.xml file to the  file:

Picture [3]-Customize the display of system status and content in the Windows taskbar-Rich Magazine

For such a highly customizable tool, it really needs a certain tossing ability, after all, it can't be used out of the box?

Then, you can open the Performance Monitor Toolbar in the toolbar of the taskbar  :

Picture [4]-Customize the display of system status and content in the Windows taskbar-Rich Magazine

Finally, for this practical and slightly troublesome tool, classmates who like it must love it, and classmates who find it troublesome must scoff at it.

Obtain

Great Wall of China