opensslssl-certificate

Can I certify website without domain name?


Is it possible to do self signed certification a website without domain name? I have read that let'sencrypt.org does not issue certificate for having no domain name.


Solution

  • If you want a certificate from LetsEncrypt that would be trusted by most browsers you need a domain that resolves to your server. LetsEncrypt does not issue certs for IP addresses nor for custom dev-domains like .local.

    You can of course create and sign a certificate yourself, for every domain name you want, or even for IP addresses. The domain name can be anything, and doesn't necessarily be the one you use to access the site. The webserver won't mind. Your browser will display a lot of warnings, though (CN mismatch, non-trusted signature-path), but if you skip/ignore those you can access your site via HTTPS.

    For local development certificates there also is the tool mkcert, which even makes your browser trust them by adding a local CA.