Can I certify website without domain name?
If you want a certificate from LetsEncrypt that would be trusted by most browsers you need a domain that resolves to your server. LetsEncrypt does not issue certs for IP addresses nor for custom dev-domains like .local
.
You can of course create and sign a certificate yourself, for every domain name you want, or even for IP addresses. The domain name can be anything, and doesn't necessarily be the one you use to access the site. The webserver won't mind. Your browser will display a lot of warnings, though (CN mismatch, non-trusted signature-path), but if you skip/ignore those you can access your site via HTTPS.
For local development certificates there also is the tool mkcert, which even makes your browser trust them by adding a local CA.
self-sign the certificates
openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365
by running this command two files are created cert.pem
and key.pem
, in this process it will ask few questions which are necessary to create certificate . Since we have passed days argument as 365, it is valid for another one year.
Use the key files to certify ip example: 127.0.0.1
or 54.198.xx.xx
(EC2 instance IP)
The certificate generated is of x509 standard