Score:0

SSL Certificate for subdomain of server provider


I have a small server at Strato. There you can access your server using its IP, and using a subdomain of stratoserver.net, e.g. h1234567.stratoserver.net. I want to get an SSL certificate for it (from LetsEncrypt or ZeroSSL or something else free), but from what I read most providers don't accept IP addresses. Is there a problem/can I use the h1234567.stratoserver.net as the domain name?

us flag
`[email protected]` is not a subdomain, it is an email address. You cannot get a certificate for an email address. If your server can be accessed via a subdomain, then you can get a certificate for it from any certificate provider.
theboringkid avatar
@TeroKilkanen ohh i meant to say ``h1234567.stratoserver.net``... I'll edit it
dave_thompson_085 avatar
@TeroKilkanen nit: some kinds of certs, such as S/MIME and code-signing, must or can be identified by email addr; it is only TLS certs that cannot, but a 'server' nowadays typically means web and particularly HTTPS, which is TLS.
us flag
Thanks for the correction, I'll try to be more accurate with my comments :)
Score:1

A certificate, especially free ones from Let's Encrypt, certifies a domain name only.

In your case, you first need to ensure that h1234567.stratoserver.net is registered in global DNS and points to your server. It can point directly using an A record, or as an alias using a CNAME record. It sounds like this is done already, as you can access it by name.

You then need to ensure that you meet the Certification Authority (CA) requirement for identity validation. That is, you need to prove to them that you own this domain. If the CA is using the ACME protocol, this can be carried out using DNS or HTTP.

If all goes well, the CA will issue you a certificate, which you install on your server (this is automated by ACME clients). You finally bind that certificate to whichever service you're running (this also can be automated by some ACME clients).

dave_thompson_085 avatar
A _TLS_ server certificate can be for one or more domain name(s) (not just "a" = one), and/or IP address(es) at the CA's option, which most don't and LE in particular doesn't. Other types of certs, even TLS client much less S/MIME and code or document signing, sometimes or always use other identities.
Score:0

Typically you'd get a regular Wildcard certificate to secure any subdomains you need along with your domain name. But in your instance, if you want to secure an IP address instead of a common name, you can do it via an IP address SSL certificate. Please note that you can encrypt only a public IP address, as third-party CAs don't support private IPs.

The cert I've linked includes 2 IP SANs by default so it will cover your main domain and IP subdomain.
