Join the community today
Become a Member

Possible to load page resources over HTTPS using IP?

Discussion in 'Domains, DNS, Email & SSL Certificates' started by RB1, Aug 20, 2017.

  1. RB1

    RB1 Active Member

    281
    72
    28
    Nov 11, 2016
    California
    Ratings:
    +119
    Local Time:
    10:16 PM
    Nginx 1.13.x
    MariaDB 10.1.x
    I'm kind of curious if something like this is possible.

    I have a page located at: https://example.com/product1/
    In the code of that page I am loading a PHP file
    Code (Text):
    <script>
        (function(d, s) {
            var js, upxf = d.getElementsByTagName(s)[0], load = function(url, id) {
                if (d.getElementById(id)) {return;}
                if2analytics = d.createElement("script");if2analytics.src = url;if2analytics.async = true;if2analytics.id = id;
                upxf.parentNode.insertBefore(if2analytics, upxf);
            };
            load("http://163.48.122.201/analytics/static/landing.php?lpip=311", "upxif");
        }(document, "script"));
        </script>

    Obviously I'm getting an "unsafe" script warning for loading this file over HTTP.
    Can I somehow serve this over HTTPS? Not sure if I can pull an SSL certificate for an IP...
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,580
    6,854
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,275
    Local Time:
    4:16 PM
    Nginx 1.13.x
    MariaDB 5.5
    SSL certificates listed common name need to match a domain name to be secure
     
  3. RB1

    RB1 Active Member

    281
    72
    28
    Nov 11, 2016
    California
    Ratings:
    +119
    Local Time:
    10:16 PM
    Nginx 1.13.x
    MariaDB 10.1.x
    Hmm...so no way to do it via IP.

    Weird...I tested navigating directly to the page resource using HTTPS and it gives me a connection is not private warning. When I edit HTTP to HTTPS inside of the embedded script, I receive no warnings on the page or "Load unsafe scripts" warning. Perhaps my problem is solved?
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,580
    6,854
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,275
    Local Time:
    4:16 PM
    Nginx 1.13.x
    MariaDB 5.5
    check chrome browser dev tools and security tabs when you load page to check
     
  5. RB1

    RB1 Active Member

    281
    72
    28
    Nov 11, 2016
    California
    Ratings:
    +119
    Local Time:
    10:16 PM
    Nginx 1.13.x
    MariaDB 10.1.x
    Hmm I guess I hadn't cleared cache before I tested last time.
    Code (Text):
    GET https://163.48.122.201/analytics/static/landing.php?lpip=311 net::ERR_INSECURE_RESPONSE
    Only solution to put it on an SSL domain? :(
     
  6. RB1

    RB1 Active Member

    281
    72
    28
    Nov 11, 2016
    California
    Ratings:
    +119
    Local Time:
    10:16 PM
    Nginx 1.13.x
    MariaDB 10.1.x
    Ended up just solving this by getting a domain.
    Is there no way to get an SSL cert for my domain using a secondary IP on the server?
    When setting up LetsEncrypt it's detecting my primary server IP although I have a secondary IP properly installed and the domain's A records point to the secondary.
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,580
    6,854
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,275
    Local Time:
    4:16 PM
    Nginx 1.13.x
    MariaDB 5.5
    Where you seeing that ? as letsencrypt would do a reverse lookup for the domain's IP where ever your DNS pointed it to.
     
  8. RB1

    RB1 Active Member

    281
    72
    28
    Nov 11, 2016
    California
    Ratings:
    +119
    Local Time:
    10:16 PM
    Nginx 1.13.x
    MariaDB 10.1.x
    CMM menu option 2 after typing "Y" to generate a self-signed cert and LetsEncrypt vert.
    It is comparing server IP to domain A record and telling me they don't match.
     
  9. eva2000

    eva2000 Administrator Staff Member

    30,580
    6,854
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,275
    Local Time:
    4:16 PM
    Nginx 1.13.x
    MariaDB 5.5
    That's centmin mod routine lookup not official letsencrypt end lookup and probably a bug/oversight as I am not taking into account additional IPs on the server that the domain might be using. For now ignore the alert and answer no to abort prompt
    Code (Text):
    Abort this Nginx vhost domain setup to setup updated DNS A record(s) first? [y/n]: n
    
     
    • Like Like x 1