HTTPS With IP Address

Hello,

I followed this simple guide on getting Nextcloud set up on a Linode server, but I cannot get HTTPS enabled and only have HTTP, which is not a secure connection.

I did everything in the video but I skipped the domain part (Step 4 & 5). I do not want to buy a domain name for my Nextcloud server and I am perfectly fine with remembering an IP address.

How do I get HTTPS to work with the IP address only?

As it seems, you are using snap; posting in the snap forum might help get more responses.

AFAIK it is not possible to get a (edit: signed/trusted) certificate for an IP address.
Why not get a free domain with freenom or similar?

You have to create your own certs using OpenSSL, but be careful:
You will have a lot of trouble when browsing to your Nextcloud with Firefox etc. In one or two years it will be kind of blocked to visit an HTTPS site whose domain doesn’t match the SSL cert.
You will have a warning message when using the Nextcloud client.
You won’t be able to easily use OnlyOffice or CollaboraOffice.

Freenom reviews show it is a bad place to get a domain.

1 Like

There are probably others. Either go for something self-signed, a free domain, or you need to buy one. Sometimes your provider gives you a hostname; perhaps you can use this.
Just check on linux: host 8.8.8.8 (with your ip of course)

you don’t. (unless you go selfsigned)

you can get a pretty cheap domain, though https://gen.xyz/1111b

or even free, if you take a third-level domain from a dynamic dns provider like duckdns, freedns or nsupdate

Assuming you can actually get one, their free domains are actually never yours, you just can use it as long as they allow it.

So I will need a domain name in order to use HTTPS? Or else I will have to jump through some more hoops and Firefox will not like this in a few years?

Certificates from an authority cannot be for an IP Address, they can only be for an actual domain name. Certificate Authorities that issue certs for IP addresses have actually been removed as trusted by browsers from Mozilla and Google.

That means your options are using a self signed certificate (which a lot of apps refuse to work with) or getting a free domain from dot.tk (freenom) or similar.

Not really. I’ve been using freenom for my .tk domain for years without issue. There are some mail servers that will instantly send mail from a .tk address to spam, but I haven’t really had any trouble in that regard.

But if you really don’t want to use freenom, there are alternatives such as No-IP:

o_O
How is that different from any other domain name provider?

I mean, that’s some serious tin-foil hat shit.

It is A LOT different.

With any other paid domain you have a contract that says “domain is yours as long as you pay.”

With freenom, your contract says “domain is ours but you can use it as long as we say.”

If you want a domain, pay for it.

1 Like

I don’t see

http://www.freenom.com/en/termsandconditions.html

Have been using them for years; their DNS is not always as fast as one would like or claimed, but AFAIK lowest prices for paid domains ever.
Their free domains should not be used commercially, you do what you want with paid ones.

Exactly, clean https (without security warnings everywhere and every time) needs a certificate which is valid for a certain domain. If you then browse to this domain, the browser checks if the name in the certificate is that one where you browsed, among other things. This is simply designed to work with domain names, and not with IPs.

Get a proper domain, it’s not expensive at all.

the correct sentence would be: “AFAIK it is not possible to get a signed/trusted certificate for an IP address.”

so any selfsigned certificate will do. because anyway you have to manually trust it with a click on “don’t care, go on.” in your browser.

just tested with my playbook:


unless the snap installation sets “header Strict-Transport-Security”. in this case it must be a signed certificate that fits to your domain.

1 Like
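Added example, not part of any post in this thread: one way to create the self-signed certificate discussed above so that it names the IP address itself, and to check it the way a client would. The address 203.0.113.10 and cloud.example.com are constructed placeholders, and the function and file names are assumptions.

```shell
#!/usr/bin/env bash
# Added example; names and the address 203.0.113.10 (RFC 5737) are constructed.

# make_ip_cert IP OUTDIR: self-signed cert whose subjectAltName is the IP itself.
# Clients compare an IP typed in the URL against IP SAN entries, not the CN.
make_ip_cert() {
  local ip="$1" out="$2"
  mkdir -p "$out"
  openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
    -subj "/CN=${ip}" \
    -addext "subjectAltName = IP:${ip}" \
    -keyout "$out/server.key" -out "$out/server.crt" 2>/dev/null || return 1
  chmod 600 "$out/server.key"   # private key readable by its owner only
}

# _name_check CERT OPTION VALUE: run openssl's own name-matching check.
_name_check() {
  local result
  result=$(openssl x509 -in "$1" -noout "$2" "$3") || return 2
  case "$result" in
    *"does match certificate"*) return 0 ;;
    *) return 1 ;;
  esac
}
cert_matches_ip()   { _name_check "$1" -checkip "$2"; }
cert_matches_host() { _name_check "$1" -checkhost "$2"; }

# cert_fingerprint CERT: SHA-256 fingerprint, to compare with the one the
# browser shows before accepting the self-signed warning.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo run on the constructed address.
demo_dir=$(mktemp -d)
make_ip_cert 203.0.113.10 "$demo_dir"
cert_matches_ip "$demo_dir/server.crt" 203.0.113.10 && echo "IP matches"
cert_matches_host "$demo_dir/server.crt" cloud.example.com || echo "hostname does not match"
echo "fingerprint: $(cert_fingerprint "$demo_dir/server.crt")"
```

The `-addext` option needs OpenSSL 1.1.1 or newer; the certificate is still untrusted until each client imports it or accepts it by hand.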

You say that, but you haven’t explained why.

And the Mozilla licence says the same. Are you claiming that Firefox users might suddenly have their browser taken from them?

Freenom (and other free domain providers like No-IP) still have to abide by the laws of the jurisdiction in which they reside. Freenom provides .tk domains, which is the TLD of Tokelau, a dependent territory of New Zealand. This means Freenom’s .tk domains are required to abide by the consumer protection laws of New Zealand. And Freenom itself is based in the Netherlands, meaning the company is required to abide by the consumer protection laws of the European Union. That makes my .tk domain better protected than domains from a US-based company like No-IP, where there are virtually no consumer protections.

If you want a domain for a business, pay for it and get even more protections. But for a home or personal domain, any of the free domain providers are fine, and Freenom has been one of the best for years.

If you disagree, provide some evidence or reason to support your position. Otherwise you’re just repeating bullshit claims like you’re Donald Trump at a political rally.

1 Like

you may try to use the reverse dns name of your linode server.


https://www.linode.com/docs/platform/manager/remote-access/

scaleway server names are like xxx-xxx-xxx-xxx-xxx.pub.cloud.scaleway.com. and you get a Let’s Encrypt certificate for them.

but Let’s Encrypt doesn’t issue certificates for aws names like ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com.

so i can’t tell you if it’s working for linode.

This is not the point.

Please read this extract from their terms and conditions:

Subject to the terms and conditions of this Agreement, we hereby grant you a limited, non-exclusive, personal, non-transferable license to use FREE DOMAIN and the domain name provided to you in connection therewith. You shall retain such right to use the service for so long as you comply with each of the terms of this Agreement, and for so long as we make the service available to you.

This Agreement shall terminate on the earlier to occur of the following events: (i) voluntary termination by you for any or no reason pursuant to Section 1, (ii) termination by Freenom for any or no reason [and more…]

Compare it with a proper registrar:

You are the owner of the domain name, meaning that You are the person or registered organization that has been declared as the owner of a domain name upon its registration, and visible in the public Whois database, which may be accessed for example, at “https://www.gandi.net/whois” (hereinafter the “Customer” or “You”, “Your”, or “Owner Contact”).

1 Like

almost. but it’s more like:

Exactly, clean https (without security warnings everywhere and every time) needs a signed certificate which is signed by a trusted authority and is valid for your url. regardless if it’s an fqdn or an ip address. If you then browse to this domain, the browser checks if the name in the certificate is that one where you browsed and is signed by an authority your browser trusts, among other things like if the certificate is revoked.

This is simply designed to work with domain names, and not with IPs.

That would work as well with ip addresses. But no signing authority would trust your ip address. Because you can’t be the owner of an ip address. Not like you are an owner of a domain.

So you can trust yourself: Setting Up Certificate Authorities (CAs) in Firefox | Firefox for Enterprise Help

The cheapest possible real domain name is 99cents/year, Steve.

Most domains are under $20/year.

This is not true, not true at all: Various Licenses and Comments about Them - GNU Project - Free Software Foundation

And please, don’t take me for someone that wants you to spend money for no reason, I am perfectly happy to help people setting up self signed certs.

1 Like

That IS the point. All free software and services have the same clauses in their licenses or terms of service. ALL OF THEM. Calling out one specific service for stating they can terminate the service for whatever reason, as if it’s somehow unique, is dishonest at best.

Now you’re being overtly dishonest. A “proper” registrar? Seriously?

“Real” domain? How are you defining a “real” domain compared to a “fake” domain? The language you are using demonstrates your bias and lack of understanding how any of this works.

Why would you link to gnu in order to describe Mozilla’s MPL? Gnu was founded by a sex offender, you should have linked directly to Mozilla’s description of their license. The Mozilla license has a whole section on termination. Debian Linux even includes “Iceweasel” instead of Firefox in order to avoid violating the Mozilla license. I’m typing this in “Waterfox”, that treads carefully not to lose their access to MPL licensed code.

Self signed certificates are rubbish in a modern world of mobile devices. It’s incredibly difficult to piece together the various mobile apps that will talk to personal email servers, or sync contacts or calendars, or sync photos and files, unless you have a CA certificate.

What are you envisioning here? Just a vanity website? Then who cares what free domain you get? Change it if you need to. Or are you talking about something closer to my setup, where my phone connects to my personal email server, any photos I take are automatically uploaded to my server, and contacts and calendar are synchronised?

I used to use self-signed certificates, but I needed to use dodgy and unreliable apps to make things work. As soon as I was able to get Let’s Encrypt certificates for my perfectly reliable Freenom .tk domain, everything became easier.

I’ve been using a .tk domain for years, and you still haven’t provided a single reason why Freenom would take the domain away on a whim. All you have is hyperbole and links to sex offender domains.