Do you need a domain name if you are hosting a Lemmy instance, or will it work fine with just an ip-address + port (e.g. <username>@<ip-address>:<port>
)?
Do you need a domain name if you are hosting a Lemmy instance, or will it work fine with just an ip-address + port (e.g. <username>@<ip-address>:<port>
)?
it requires a name that can be addressed as https://sub.domain.name - otherwise it won’t allow https inbound.
SSL certificates for IP addresses are possible; but they require you to outright own the IP(-range). Some large organizations do. So for individuals it’s rather unheard of, but it’s technically achievable.
https://sectigostore.com/page/ssl-certificate-for-ip-address/
Well, I just learned something, but what does “control” the IP mean? If they are only validating a single address via http then presumably you could just use an Amazon elastic IP as long as it resolves. I doubt that letsencrypt will support that but I would be interested to know. If they do then yeah, you could presumably set up the instance using the IP as the name, but I don’t know why you would want to. Apart from the fact that it would be hard to remember, could change at some point, screwing things up, it might work. I suggest OP do the necessary and report back accordingly.
I believe that means you must be registered as the owner with the RIPE or whichever authority is in charge of administrating IP ranges, so that would also negate the point of chaining IP addresses, since that would indeed be a permanent fixture.
For AWS it should then only work if Amazon Inc. is the applicant for the SSL cert., not merely a user. So it’s a quite theoretical application at best.
yes, there had to be catch, although the guy in this letsencrypt support thread is a senior Letsencrypt engineer and he seems to be saying it is possible - although letsencrypt doesn’t support it. I do think you’d have to show a bit more to the issuer to prove ownership than an http acme challenge though.
It doesn’t make a lot of sense for LetsEncrypt to spend time adding support for such certs, since both a domain name and a cert from another CA are cheaper than buying an IPv4 block