Possible to get SSL for webserver using public ip for accces and not domain?

Hello, im currently learning web development and im not quiet sure i grasp how the concept of SSL works.
Im currently working on a testserver, its a Nextcloud instance running on an Ubuntu machine that i have made public trough port forwarding. I access it trough my public IP. But i really dont like opening a none-encrypted server to the internet.

Is it possible for me to add SSL to this since its connected trough IP and not a domain?

I tried using the CertBot-auto but couldnt get it to work(im new with this so could be i did something wrong).

In case i do need a domain, i actually own www.iamkaspernielsen.com
would it be possible for me to get a SSL cert for that and use it on my Nextcloud server somehow?

Any tips or feedback will be greatly appreciated!

Kind regards
Kasper

Yes you need a domain name for certbot to work. You could certainly use the domain you own, but it is recommended to keep it in its own subdomain, such as cloud.mydomain.tld

For testing, you could just generate a self-signed ssl certificate and ignore the warnings, but doing it properly with certbot is honestly less hassle and will be, well, better anyway.

1 Like

With a self-signed certificate do i not need a domain then?
I have been looking into that a bit but im not sure i understand it completely.
This thing im working on is just for learning purpose so it doesnt really have to be enterprise-grade security or anything.

Yes it is possible, but your browser/app/whatever will scream at you that it is insecure. You can ignore those warnings, but you should probably check the fingerprint first so you know it is actually YOUR self-signed certificate.

It is however annoying, and really bad practice to teach people to ignore warnings if you share files with family etc. You will be able to have a proper, signed certificate and easy access to your server for free since you already own a domain. It will be an equal amount of hassle for both alternatives.

It is maybe possible for you to use mod_md as well (you need to run apache as webserver), which is certbot on easy mode

I use this myself, works like a charm

Im gonna give it a look, thanks for the good advice! Cheers

in which way to you administrade your domain? can you use a kind of dyndns? and could you create nc.iamkaspernielsen.com?

e.g. strato (german isp) allows you to set a dns a record to your ip with curl --silent --show-error --insecure --user [BENUTZERNAME]:[PASSWORT] https://dyndns.strato.com/nic/update?hostname=[HOSTNAME]

and you can create your own selfsigned certificate foran ip adress.

grafik

if you want to setup a nextcloud instance (on a new virtiual machine) with that put the ip adress instead of the dns name in the inventory and run the playbook. the rest of the instruction you find in the readme.