Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
E
E
einhorn2021-04-17 03:55:41
Digital certificates
einhorn, 2021-04-17 03:55:41

How to set up https on a Python server accessed by IP?

There is a Python server that is started by the following code:

//PageHandler3.PageHandlerClass3 содержит логику бекенда
def run(server_class=ThreadingHTTPServer, handler_class=PageHandler3.PageHandlerClass3):
    server_address = ('', PORT)
    httpd = server_class(server_address, handler_class)
    print("Serving at", PORT)
    httpd.serve_forever()
run()


The script is stored and run from a Droplet on DigitalOcean. The droplet has an IP, and there are no problems with http requests to the server using this IP.

There is also a frontend (HTML+JS) that is stored on the same droplet and runs on Apache. It makes http requests to the above backend.

There is also a domain that leads to an IP. So far, its function is purely a convenience, so as not to scare away users by having to enter an IP to visit the site.

The problems began when at one point the audio recording function was needed.
If there is no https on the frontend, then navigator.mediaDevices returns null.
We managed to install https on the frontend without any problems (using a certificate for the domain generated using Let'sEncrypt's certbot), but from the https frontend you can't access the backend without https.

I generated another certificate (domain bound, also using certbot) for the backend and added the line
httpd.socket = ssl.wrap_socket(httpd.socket, server_side=True, certfile='data//keys//new//cert.pem', keyfile='data//keys//new//privkey.pem', ssl_version=ssl.PROTOCOL_SSLv23)

However, in the browser, when I go to https://IP:port/api/hi I get NET::ERR_CERT_COMMON_NAME_INVALID
I understand that the browser knows that the certificate belongs to the domain, but it sees the IP, and does not even check that the domain is actually tied to an IP. But I don't know any other way to make an http request to the backend other than IP. Just replacing the IP with the domain does not work.

I googled that it's possible to get a certificate for an IP (not a domain), but that IP needs to be mine, not DigitalOcean's.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dimonchik, 2021-04-17
@dimonchik2013

does
not issue a license for IP, they only promise
others, but if you don’t want to spend money on a domain ... a certificate is much more expensive than two dollars,
buy a domain - they cost 0.99 in bulk,
and you can still write everything yourself, but it’s unlikely to work

Similar questions
D
Dmitriyshremzer2021-04-12 14:14:08
Squares instead of Cyrillic, how to fix it? 4Reply
I
Igor Koch2017-03-25 20:50:44
Bug in the browser with ssl? 1Reply
K
konigin2015-03-23 20:50:12
Is it possible to sign an AIR application with just a .key file and a password? 1Reply
S
Sergey2015-03-29 16:25:56
WHAT to feed the switch from certificates? 1Reply
V
Viktor Taran2017-04-10 14:49:55
I lost trust in startssl.com, what should I do? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question