requested domain name does not match the server’s certificate

February 28, 2018 3.6k views
Apache Let's Encrypt DigitalOcean Ubuntu Ubuntu 16.04

Hi all,

My requirement is that I need to redirect from http://domain.com to https://192.163.9.89:9090/admin/login

The URL (https://192.163.9.89:9090/admin/login) is the web application, which uses Flask.

The error I am getting while running from the browser is **Your connection is not secure
192.163.9.89:9090 uses an invalid security certificate. The certificate is only valid for the following names: domain.com, www.domain.com**

The following are the installation/configuration steps carried out:
I)

My domain is registered with GoDaddy.
In GoDaddy's forwarding section, we added the URL

https://192.163.9.89:9090/admin/login
Forward Type: Permanent(301)
SETTINGS: Forward Only

II)

    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get install python-certbot-apache
    sudo certbot --apache -d domain.com -d www.domain.com

III)
Certificates are generated in the following location
/etc/letsencrypt/live/domain.com/
cert.pem
fullchain.pem
chain.pem
privkey.pem

IV)

In the following location /etc/nginx/sites-available/default

The following is the change

    server {
        listen 80;
        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name domain.com www.domain.com;

        location /.well-known {
            alias domain.com;
            allow all;
            default_type "text/plain";
            autoindex    on;
        }

        location / {
            return 301 https://domain.com$request_uri;
        }
    }

    server {
        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        server_name domain.com www.domain.com;

        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        location / {
            proxy_pass "https://192.163.9.89:9090/admin/login";
        }
    }

V)

In the following location /etc/nginx/sites-enabled/000-default.conf

The following is the change

    <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ServerName http://www.domain.com
        Redirect permanent / https://192.163.9.89:9090/admin/login
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

VI) In the following location /etc/apache2/sites-available/default

    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName https://192.163.9.89:9090/admin/login
        Redirect permanent / https://domain.com

        DocumentRoot /var/www
        <Directory />
            Options FollowSymLinks
            AllowOverride All
        </Directory>
        <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
    </VirtualHost>

VII)
In the Flask web application app.py the following is the change

    if __name__ == '__main__':
        # Serve the Flask app over TLS with the Let's Encrypt certificate and key
        app.run(port=9090,
                ssl_context=('/etc/letsencrypt/live/domain.com/cert.pem',
                             '/etc/letsencrypt/live/domain.com/privkey.pem'),
                host='0.0.0.0')

Please suggest how I can resolve the error.

Please suggest what best can be done to redirect to the https URL seamlessly.

1 Answer

You cannot acquire a Let's Encrypt certificate for an IP address currently. You could either use a paid CA to issue a certificate for the IP address, reconfigure your control panel to use the domain name instead of the IP address, or set up a reverse_proxy configuration in nginx to route the control panel access through it instead of redirecting it.

  • Thanks ryan...
    That was helpful,

    Can you confirm the steps to be taken from GoDaddy & Ubuntu (wrt Nginx)? Need your help.
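
Added example, not part of the original thread: a simplified version of the name check a TLS client performs, showing why the certificate from the question (valid for domain.com and www.domain.com) is rejected when the URL uses the IP address. The function names are hypothetical, and the wildcard handling goes slightly beyond the case in the question.

```python
import ipaddress
from urllib.parse import urlsplit

# dNSName entries taken from the browser error quoted in the question
DNS_SANS = ["domain.com", "www.domain.com"]


def host_of(url):
    """Return the host part of a URL, which is what the client checks."""
    return urlsplit(url).hostname


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host):
    """Match one dNSName entry; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(host, dns_sans, ip_sans=()):
    """True if the certificate's subjectAltName entries cover the requested host."""
    if _is_ip(host):
        # An IP literal is only compared with iPAddress entries, never with dNSName
        addr = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(s) == addr for s in ip_sans)
    return any(_dns_match(p, host) for p in dns_sans)


if __name__ == "__main__":
    for url in ("https://192.163.9.89:9090/admin/login",
                "https://domain.com/admin/login"):
        host = host_of(url)
        print(host, "->", "ok" if cert_covers(host, DNS_SANS) else "name mismatch")
```

Whichever server presents this certificate, the client only accepts it when the URL it requested uses one of the covered names, so a redirect that lands on the IP address fails the check.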
