Is it save to have IP address without certificate and without icons and redirection to main domain

Debian 12 REQUIRED
Virtualmin 7 REQUIRED

Hello I am have a website with domain and IP address but when I login using ip address no ssl certificate is activated this is the first thing and second icon are not showing I think he cannot read fontawasom links and the most important it is showing the site not blocked or redirected to main domain how I solve this issue any help please
here list of issues

  • SSL certificate is not activated in IP address
  • IP address is not redirecting to domain name
  • I am not sure if it is save like this or not
  • icons are not showing in my website I don’t know why but fontawasom is the issue from network tab in inspect issue it is showing error type has been blocked by CORS

Please try to help ! access my ip and check I am getting error when I try to post a picture

You need to fill in the required information and describe the problem in details, not just type 5 words and hope your issues is fixed.


Hello @akkilah and welcome to the community.

When you use the IP address of your Virtualmin server, you will see a website without a SSL certificate. This is quite normal for most Virtualmin installs because Let’s Encrypt does not offer this feature - it offers SSL certificates for domain names only. If you really must have your IP address show a secure lock icon then you will have to buy and apply a SSL certificate from a CA that supports this feature. I am guessing this last.bit, I have never needed to have SSL for an IP address.

With regard to the issue of icons not showing and scripts not loading, you are experiencing a SSL mixed content error. Please Google the term for more information.

It is easy to redirect the IP address to a domain name. There are multiple methods to accomplish this. In Virtualmin, there is a default website (i.e. domain name / virtual server) which can be set via Virtualmin → Web configuration → Website Options and then set the default IP address for website to Yes.

Let us know how it goes.

thank you for you support I did what you told for redirect of IP I set it to yes but the IP is still showing the website you can check now

I am terribly sorry, I have provided erroneous information about the Default Website functionality of Virtualmin.

I will come back to you with the correct solution shortly.

Letsencrypt does not support SSL certificates on IP addresses

The website is unable to get following asset because it is effectively not on the same domain and that is why the font is not rendered. Your server is probably preventing this. Probably CORS



Don’t use the IP to access the domain. The IP address of your Virtualmin host will show the default domain, which you can change.

Go to the virtual server / Domain you want to be default and then navigate to:

Virtualmin --> Web Configuration --> Website Options --> Default website for IP address

Here is a link that describes how a redirect could be configured to show a domain name if an IP address is used in the browser.

Apologies for the erroneous statement in my earlier message. Hope this works for you.

I tried that and it did not work before in my aapanel and also in this panel and I am using nginx btw and I tried through nginx but did not work files are complicated

it is already activated and I am using nginx btw

I don’t think you should do it, although it is possible, for example with ZeroSSL. But really, why would you want to? It’s better to just use a domain name with Let’s Encrypt.

Even if you use it with an IP address and see an SSL certificate warning, your connection is still secure.

Do not “login using IP address”. That’s a ridiculous thing to do. Use names.

ok thank you for your answer I think I will do so

ok thank you for that I think I will do it but do you know how to block access to ip address and redirected to domain

The default behavior in Apache is that when you create a VirtualHost (name-based, of course), it will always serve the “best” name-based host, if you hit something that resolves to your IP, even if it doesn’t exactly match a VirtualHost. I guess you’ve changed something to break that, if you get a website served without it redirecting. I’m not sure how that would happen, actually. I guess a VirtualHost for the IP without a name? I’ve never had it happen accidentally, so I don’t know for sure what would cause it.

What do your VirtualHosts look like? (I’m just guessing, it may be something else in the Apache configuration.)

Actually, I just tested, and current Apache behavior seems to be to simply serve an error (and you’d get a cert error, which is fine, because you’re never going to point someone at your IP, because you have names for all of your sites…no one should ever go to an IP).

The OP is using nginx I don’t know what difference that makes

Found this

the code

# Uncomment the line below if not previously added in the file
# RewriteEngine On

# Rule to redirect to the named host
# Replace [xx.xx.xx.xx] woth your host's IP address
# Replace [] with your host's proper URL
RewriteCond %{HTTP_HOST} ^xx\.xx\.xx\.xx$
RewriteRule (.*)$1 [R=301,L]

works for me, but its apache.

  • Setup a second virtual server, pick any domain name, doesn’t really matter
  • Make this virtual server the default Virtualmin --> Web Configuration --> Website Options --> Default website for IP
  • Give it a basic index.html with <!DOCTYPE html><title></title>
  • Optionally you could use a 301 redirect (via htaccess) or meta refresh (not SEO friendly) to redirect to

The OP is using nginx so there is no .htaccess

there are equivalents in nginx, but you are right.

Therefore perhaps explain to the OP how that is achieved with nginx, I have one test install withe a lemo stack, which I don’t use so therefore don’t have the knowledge to advise the OP on how to add this to an nginx server