
Apply for a free SSL certificate for an IP address: enabling HTTPS encrypted access by IP

Adding an SSL certificate to a domain name is a routine step when building a website. Some applications, however, do not need domain name access, or their owners do not want to bind a domain name and simply want to reach the service by its IP address. Now that the whole web is moving to HTTPS encrypted access, is it possible to add an SSL certificate to an IP address?

Yes. Most SSL certificates for IP addresses are paid, but the free SSL certificate provided by ZeroSSL supports issuance for a pure IP address. This article covers how to apply for the free ZeroSSL IP certificate and how to install and configure it on your own server (pagoda panel or Nginx).


1. ZeroSSL certificate application

Website: https://zerossl.com

1.1 Manual application

Go to the ZeroSSL official website, register an account, and then click Free SSL Certificate Application.

Fill in your IP address and choose the validity period of the free SSL certificate.


Select Automatically generate CSR.


1.2 Verify the domain name

ZeroSSL offers two verification methods for the free SSL certificate. The simplest is Web verification, which requires that your IP address already serves Web content. If it does not, you can choose verification by adding a TXT record in the domain's DNS.

If you choose Web verification, download the verification file and upload it to the default Web directory served for the IP address. The path must be kept exactly as ZeroSSL specifies:

[Picture 6: required path of the verification file]

Open the IP with your browser and make sure you can access the verification file.


Finally, go back to the ZeroSSL verification page and click Finish verification.


2. ZeroSSL certificate installation

2.1 Download the certificate file

After the ZeroSSL certificate has been successfully verified, you can download the certificate files. ZeroSSL offers the download in several server formats, including Nginx, Apache, and more.

Taking Nginx as an example, the download contains three files: ca_bundle.crt, certificate.crt, and the private key file.


2.2 Merge SSL certificates

For an Nginx server, you need to merge ca_bundle.crt and certificate.crt: open certificate.crt and paste the content of ca_bundle.crt after the existing content, so that the server certificate comes first and the CA bundle follows it.
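The merge step can also be done programmatically, which avoids common copy-paste mistakes. The following is an added example, not code from the original article or from ZeroSSL: it checks PEM structure only (not X.509 contents), the function names are hypothetical, and the sample input is constructed placeholder data. It puts the server certificate first, repairs a missing newline that would fuse the END and BEGIN lines, and refuses a chain file that contains a private key or a duplicate certificate.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes), ...]; also splits fused END/BEGIN lines."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_BLOCK.findall(text)]

def encode(der):
    """Re-encode DER bytes as a certificate PEM block with 64-column lines."""
    b64 = base64.b64encode(der).decode("ascii")
    rows = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{rows}\n-----END CERTIFICATE-----\n"

def merge_chain(leaf_pem, bundle_pem):
    """Build the ssl_certificate file: server certificate first, CA bundle after."""
    leaf, bundle = pem_blocks(leaf_pem), pem_blocks(bundle_pem)
    if len(leaf) != 1:
        raise ValueError("certificate.crt must contain exactly one PEM block")
    if not bundle:
        raise ValueError("ca_bundle.crt contains no PEM block")
    chain = leaf + bundle
    for label, _ in chain:
        if label != "CERTIFICATE":  # e.g. a private key pasted into the chain
            raise ValueError(f"unexpected PEM block in chain file: {label}")
    ders = [der for _, der in chain]
    if len(set(ders)) != len(ders):
        raise ValueError("the same certificate appears twice in the chain")
    return "".join(encode(der) for der in ders)

# Constructed sample input: placeholder bytes, not real certificates.
SAMPLE_LEAF = encode(b"constructed-leaf").rstrip("\n")  # saved without final newline
SAMPLE_BUNDLE = encode(b"constructed-intermediate")

if __name__ == "__main__":
    naive = SAMPLE_LEAF + SAMPLE_BUNDLE  # plain copy-paste of one file after the other
    print("fused line in naive paste:", "----------BEGIN" in naive)
    print(merge_chain(SAMPLE_LEAF, SAMPLE_BUNDLE))
```

To use it on real files, pass the contents of certificate.crt and ca_bundle.crt to merge_chain and write the result to the path named in ssl_certificate; the private key stays in its own file.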


2.3 Install the SSL certificate

If you are using the pagoda panel, you can install the SSL certificate directly from the panel's admin interface: upload and save the certificate and key files separately.

If you are using the Oneinstack one-click package or the LNMP one-click installation package, open your main Nginx configuration file (not a domain's Nginx configuration file) and modify it to the following format, taking care to change the SSL certificate paths to your own:

server
{
    listen 443 ssl http2;
    #listen [::]:443 ssl http2;
    # Placeholder name: no domain is bound, requests arrive by IP.
    server_name _;
    index index.html index.htm index.php;
    root /home/wwwroot/default;
    # Merged file: certificate.crt followed by ca_bundle.crt.
    ssl_certificate /usr/local/nginx/conf/ssl/ipssl/wzfouip.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/ipssl/wzfouip.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); list them only if legacy clients need them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # Generate the DH parameters once with:
    # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
    ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
    access_log /home/wwwlogs/access.log;
}

After the certificate is installed, remember to run nginx -t to check for syntax errors. If there are none, restart Nginx to complete the SSL certificate installation. Open the IP address in a browser and you can see that the IP SSL certificate has been installed successfully.

3. Summary

At present there is no good tool for automatically renewing ZeroSSL's free SSL certificates for pure IP addresses. A developer on GitHub has written a renewal tool in Go: https://github.com/tinkernels/zerossl-ip-cert, but it is not easy to operate, so the simpler method is to renew manually.