Send HTTPS request to IP address not matching certificate domain

Hello,

I am trying to use traefik to handle https to my activemq container. Traefik currently contains a certificate with a domain name like "domain.com" but I would like to send requests to the ip address of the host server and have traefik use the domain.com certificate.

If I send a curl request to the ip address:
curl -vvv -d 'body="Hello World"' https://10.160.1.12/api/message/test

I get this response:
curl: (51) SSL: no alternative certificate subject name matches target host name '10.160.1.12'

If I use --resolve or --connect-to it does work:
curl -vvv --resolve domain.com:443:10.160.1.12 -d 'body="Hello World"' https://domain.com/api/message/test

Is there any way for traefik to take this ip address and match it to the domain name without using the --resolve option?

I am using a http router like this:

  [http.routers.secureactivemq-router]
    entrypoints = ["websecure"]
    rule = "(Host(`domain.com`) || Host(`10.160.1.12`) ) && PathPrefix(`/api/message`)"
    service = "activemq-8161"
    [http.routers.secureactivemq-router.tls]

Hi @BrianH, I believe the only way to achieve this is to load your certificate as the default certificate. That means when Traefik does not match the incoming Host to a certificate Main or SAN's it will serve that certificate instead of its own self generated default cert.

Hi douglasdtm, thank you for the response. I tried your suggestion, but there is only one certificate loaded as the default already which is giving this error.

In the end I wasn't able to get this to work. The solution I used was to match the domain name with the name present in the certificate, so there no longer was need to use something like --resolve.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.