23
submitted 1 year ago* (last edited 1 year ago) by Kalcifer@lemmy.world to c/selfhosted@lemmy.world

Do you need a domain name if you are hosting a Lemmy instance, or will it work fine with just an ip-address + port (e.g. <username>@<ip-address>:<port>)?

you are viewing a single comment's thread
view the rest of the comments
[-] fuser@quex.cc 3 points 1 year ago* (last edited 1 year ago)

it requires a name that can be addressed as https://sub.domain.name - otherwise it won't allow https inbound.

[-] godless@latte.isnot.coffee 4 points 1 year ago

SSL certificates for IP addresses are possible; but they require you to outright own the IP(-range). Some large organizations do. So for individuals it's rather unheard of, but it's technically achievable.

https://sectigostore.com/page/ssl-certificate-for-ip-address/

[-] fuser@quex.cc 4 points 1 year ago

Well, I just learned something, but what does "control" the IP mean? If they are only validating a single address via http then presumably you could just use an Amazon elastic IP as long as it resolves. I doubt that letsencrypt will support that but I would be interested to know. If they do then yeah, you could presumably set up the instance using the IP as the name, but I don't know why you would want to. Apart from the fact that it would be hard to remember, could change at some point, screwing things up, it might work. I suggest OP do the necessary and report back accordingly.

[-] godless@latte.isnot.coffee 6 points 1 year ago

but what does “control” the IP mean

I believe that means you must be registered as the owner with the RIPE or whichever authority is in charge of administrating IP ranges, so that would also negate the point of chaining IP addresses, since that would indeed be a permanent fixture.

For AWS it should then only work if Amazon Inc. is the applicant for the SSL cert., not merely a user. So it's a quite theoretical application at best.

[-] fuser@quex.cc 1 points 1 year ago

yes, there had to be catch, although the guy in this letsencrypt support thread is a senior Letsencrypt engineer and he seems to be saying it is possible - although letsencrypt doesn't support it. I do think you'd have to show a bit more to the issuer to prove ownership than an http acme challenge though.

[-] master@lem.serkozh.me 4 points 1 year ago

It doesn't make a lot of sense for LetsEncrypt to spend time adding support for such certs, since both a domain name and a cert from another CA are cheaper than buying an IPv4 block

this post was submitted on 11 Jul 2023
23 points (96.0% liked)

Selfhosted

39677 readers
826 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS