How do I set up https for Guacamole if I don't have a domain?
Hello. No-nothing newbie here. I set up a Linode from the Marketplace Guacamole without a domain. I just use the numeric IP address in a browser for access to the desktop environment. The use case is to have a desktop environment in the cloud to test IP address-based access rules from an external IP. (Shells[dot]com, onworks[dot]com, and bunny.lucy.sh work but can be finicky so I'm looking for a reliable alternative).
Anyway, the Linode Guacamole setup works great but I can only use http. Do I have buy a domain to get https? Thanks for any comments.
4 Replies
✓ Best Answer
Do I have buy a domain to get https? Thanks for any comments.
Generally, yes. If you buy a commercial cert, you can buy them for IP addresses. However, I believe LetsEncrypt certs (which are free) only support domains. Since you can move a domain to a new IP address, certs based on domain names are much more portable.
You could use /etc/hosts & generate a self-signed cert but that wouldn't do you much good on the open internet (all the commercial/open-source browsers will generate warnings about self-signed certs and "fake" domain names made with /etc/hosts entries are private to the node where /etc/hosts lives).
I'd just buy a domain. Pick the cheapest registrar you can find (see: https://themegrill.com/blog/best-domain-name-registrars/) and don't buy a lot of up-sell frills to go along with it. However, if the registrar does offer "private registration", pony up for that. It keeps your contact info out of the whois database (a source of info for spammers).
-- sw
Not all commercial certificate authorities will issue certificates to IP addresses, and those that will will only do in extremely limited circumstances.
One of the requirements is that you/your organization must own the IP address for which the cert is being issued. As YOU do not own your Linode's IP (Linode does), you won't be able to meet that requirement.
Buy a domain and use Let's Encrypt.