🔒 SSL Certificates for IP Addresses
- HTTPS for Any IP: Get a valid SSL certificate via Let's Encrypt for any public IP address.
- Trusted by Browsers: All certificates are officially recognized — no security warnings or errors.
- Zero Configuration: No need to configure DNS or run your own SSL server.
- Automatic Renewal: Certificates are renewed automatically with no manual steps.
🔧 How It Works
You can't get an SSL certificate directly for a raw IP address — certificate authorities (including Let's Encrypt) don’t issue them. DNSBox solves this by giving you a free SSL certificate for any public IP within seconds, no domain or custom DNS required.
We automatically inject DNS and complete ACME validation by issuing a Let's Encrypt certificate for a subdomain like 123.123.123.123.dnsbox.io. Both IPv4 and IPv6 are supported. It just works — open HTTPS to your IP via DNSBox.
DNSBox maps IP addresses to domain names automatically. Just encode the IP in the subdomain:
- IPv4: 1.2.3.4.dnsbox.io → 1.2.3.4
- IPv6: 2a01-4f8-c17-b8f--1.dnsbox.io → 2a01:4f8:c17:b8f::1
- HTTPS: Get a valid SSL certificate issued via Let's Encrypt
- WebSocket: Full WebSocket support (Upgrade headers are preserved)
🎯 Use Cases
DNSBox is a universal tool for instant access to IP addresses via DNS and HTTPS — with zero configuration:
- Web development & testing: Create temporary domains for local or remote servers. Perfect for demos and testing without modifying DNS records.
- Internet of Things (IoT): Ensure stable access to your IoT devices in dynamic environments using persistent domain names. Simplify management and monitoring.
- Temporary servers: Instantly assign domain names for demo or short-term environments. No need to buy or configure domains.
- Enterprise deployments: Run your own DNSBox node for full control over DNS and SSL certificates. Secure your infrastructure and keep data private.
🌍 Why Use DNSBox for SSL on IP Addresses?
- ✨ No need to own or configure a domain
- ✨ Issue Let's Encrypt SSL certificates without a domain
- ✨ Works with any IP (IPv4 or IPv6) — no static address required
- ✨ Automatic DNS and HTTPS setup out of the box
- ✨ Fast, reliable, globally accessible — production-ready
- ✨ Perfect for APIs, CI/CD pipelines, DevOps, temporary servers, and VPNs
❓ Frequently Asked Questions
- What does DNSBox do? DNSBox lets you get a free SSL certificate for any IP address — even if you don’t own a domain. Just use a subdomain like 123.123.123.123.dnsbox.io, and we’ll issue and manage the certificate for you automatically.
- How do I use DNSBox? Simply replace your IP in the URL with IP.dnsbox.io. For example: https://167.172.5.205.dnsbox.io We’ll handle the DNS and SSL setup — you don’t need to configure anything.
- Can I get HTTPS for an IP address without a domain? Yes — that’s exactly what DNSBox is built for. You’ll get a valid SSL certificate for your IP address with no need to register or own a domain. Just use a subdomain like IP.dnsbox.io and we’ll complete ACME validation via Let’s Encrypt.
- Is it secure? Yes. We use Let’s Encrypt and secure all traffic with HTTPS. You can also manually verify the issued certificate at any time.
- Is it free? Yes — it's completely free for public use, and the source code is open.
- Which IPs does DNSBox work with? It works with any public IPv4 or IPv6 address.
- What if I have a dynamic IP? You can still use DNSBox, but the certificate will only be valid for the IP used during setup. For dynamic IPs, we recommend pairing with a DDNS service.
- How long are the certificates valid? Let’s Encrypt certificates are valid for 90 days. DNSBox will automatically renew them for you.
- Can I use DNSBox in production? Absolutely. DNSBox is production-ready — perfect for CI/CD pipelines, public APIs, SPAs, IoT deployments, or anything that needs HTTPS over an IP address.
- Do I need to register or create an account? No. DNSBox works without registration — no account required.
- What happens if my server is offline? If your IP (e.g., *.dnsbox.io) becomes unreachable, browsers will show a connection error. DNSBox will keep the certificate active, and everything will work again once your server is back online.
- How does IP verification work before issuing a certificate? We use DNS-based validation via subdomains. DNSBox controls the dnsbox.io zone, which allows it to quickly create the required TXT records for Let’s Encrypt.
- Can I use DNSBox with private/internal IPs (e.g., 192.168.0.1)? No. DNSBox only works with publicly accessible IP addresses on the internet.
- Where’s the source code? View on GitHub
🧪 Want to Self-Host?
DNSBox lets you get an SSL certificate for an IP address without buying a domain or configuring DNS — just use a subdomain like IP.dnsbox.io and it works out of the box.
But if you prefer a fully self-hosted instance that manages its own DNS records and certificates, you'll need to set up the infrastructure manually:
What You’ll Need for Self-Hosting:
1. ✅ Buy a domain (e.g., example.com).
2. 🖥 Rent at least two servers with public static IP addresses — they’ll serve as your NS servers.
3. 🛠 Create NS records at your domain registrar pointing to those IPs. For example:
ns1.example.com → 167.172.5.205
ns2.example.com → 134.199.248.116
4. 🚀 Install DNSBox on each server, passing the correct parameters:
bash <(curl -sSL https://install.dnsbox.io) \
--ip=167.172.5.205 \
--domain=example.com \
--ns=ns1
Parameter Reference:
- --ip — the public IP address of the current server (must match your NS record).
- --domain — your root domain, e.g. example.com.
- --ns — the name of the current NS server (ns1, ns2, etc.).
Additional Flags:
- --force-resolv — disables systemd-resolved (if port 53 is in use).
- --debug — enables verbose logging (DNSBOX_DEBUG=true).
📌 Once your DNSBox node is running, it will:
- act as an authoritative NS server,
- respond to DNS queries,
- automatically request SSL certificates for IPs via Let’s Encrypt,
- enable HTTPS and WSS access — without relying on dnsbox.io subdomains.
💡 Ideal for scenarios where you:
- need full control over infrastructure,
- are deploying APIs, dev tools, or VPNs on raw IPs,
- build autonomous systems that require HTTPS without a domain.
🔗 View the source code and documentation:
github.com/crypto-chiefs/dnsbox
✅ How to Verify It's Working
After setting up DNSBox, make sure your SSL certificate for the IP address has been issued and is accessible via HTTPS. Below is a step-by-step guide for two scenarios: using IP.dnsbox.io and self-hosted deployment.
1. If you're using IP.dnsbox.io
DNSBox automatically spins up DNS and an HTTPS proxy for your IP — no extra setup required.
DNS Record Check:
dig +short 167.172.5.205.dnsbox.io
Expected result: the IP of a DNSBox nameserver (e.g., 167.172.5.205, if that was specified during setup).
HTTPS Check in Browser:
https://167.172.5.205.dnsbox.io
🔒 The browser should show a secure connection with a valid Let's Encrypt certificate.
2. If you deployed DNSBox yourself
In this case, you're managing your own infrastructure: domain, NS records, and DNSBox nodes. Make sure everything is configured properly:
NS Records Check:
dig NS example.com
Ensure the domain returns ns1.example.com., ns2.example.com., and so on.
NS Server IPs Check:
dig A ns1.example.com
dig A ns2.example.com
The response should include the actual IPs of your VPS nameservers.
Zone Resolution via Specific NS:
dig @167.172.5.205 A example.com
Verify that the domain resolves to the expected IP address.
📌 If you run into issues — double-check that DNS is working, NS records are correct, and DNSBox is running on all your NS servers.
⚙️ Technical Details
Core Implementation
- Written in Go with zero external dependencies for HTTP/DNS
- Uses miekg/dns for the built-in DNS server
- Built-in DNS (UDP + TCP on port 53), HTTPS (:443), and REST API (:80)
- Single binary + systemd unit — ideal for servers, VPS, and edge nodes
DNS and Routing
IP Parsing from Subdomain:
1.2.3.4.dnsbox.io → 1.2.3.4
2a01-4f8-c17-b8f--1.dnsbox.io → 2a01:4f8:c17:b8f::1
(where -- → ::, - → :)
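The subdomain encoding described here and under "How It Works" can be decoded as in the following added example, which is not DNSBox's own code. The helper name ipFromName is hypothetical, and the public-address check is an assumption modelled on the FAQ statement that private/internal IPs are not supported.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// zone is the suffix this resolver serves; dnsbox.io is the zone named on the page.
const zone = ".dnsbox.io"

// ipFromName decodes the address embedded in a query name and rejects
// anything that is not a public unicast address (hypothetical helper).
func ipFromName(qname string) (netip.Addr, error) {
	name := strings.ToLower(strings.TrimSuffix(qname, "."))
	if !strings.HasSuffix(name, zone) {
		return netip.Addr{}, fmt.Errorf("%q is outside %s", qname, zone)
	}
	label := strings.TrimSuffix(name, zone)
	// IPv6 form: "-" stands for ":", so "--" becomes "::" in the same pass.
	if strings.Contains(label, "-") {
		label = strings.ReplaceAll(label, "-", ":")
	}
	addr, err := netip.ParseAddr(label)
	if err != nil {
		return netip.Addr{}, fmt.Errorf("label %q is not an IP: %w", label, err)
	}
	// Unmap first so ::ffff:10.0.0.1 is judged as the IPv4 address it carries.
	addr = addr.Unmap()
	if addr.Zone() != "" || !addr.IsGlobalUnicast() || addr.IsPrivate() {
		return netip.Addr{}, fmt.Errorf("%s is not a public address", addr)
	}
	return addr, nil
}

func main() {
	// Constructed sample names; the first two are the encodings shown above.
	for _, n := range []string{
		"1.2.3.4.dnsbox.io",
		"2a01-4f8-c17-b8f--1.dnsbox.io",
		"192.168.0.1.dnsbox.io",
		"--ffff-10.0.0.1.dnsbox.io",
	} {
		ip, err := ipFromName(n)
		fmt.Println(n, "=>", ip, err)
	}
}
```

The check covers loopback, link-local, multicast, RFC 1918 and unique-local ranges; other reserved ranges would need their own entries.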
Supported DNS Record Types:
- A, AAAA — IP address extracted from the domain name
- TXT — Stores and replicates ACME challenges
- NS, SOA, SRV — Generated dynamically (including peer discovery)
- CNAME, MX, TXT — Manually set via custom_domains.txt
Custom DNS Module
- Supports adding custom A, CNAME, MX, TXT, AAAA records via custom_domains.txt
- The file is embedded via embed.FS — no external config management required
- Runs in parallel with automatic IP-based generation
TLS and HTTPS
- Automatic certificate issuance via Let's Encrypt using dns-01
- TXT records are stored locally and synced across nodes via REST API
- Certificates are encrypted between nodes using ephemeral ECDH (X25519) + AES-GCM
- Certificates are saved in /var/lib/dnsbox/certs and validated on each request
WebSocket
- Supports Connection: Upgrade and Upgrade: websocket headers
- Compatible with any wss:// client — browsers and CLI tools included
Security & Restrictions
- IP blocking via blacklist.txt (supports IPv4, IPv6, and CIDR ranges)
- HTTPS and DNS responses are suppressed for blocked addresses
- All peer-to-peer communication uses temporary keys and encrypted delivery
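A blocklist check covering single IPv4/IPv6 addresses and CIDR ranges, as an added example that is not DNSBox's own code. The one-entry-per-line layout with '#' comments, the sample entries and the function names are assumptions; the page does not document the blacklist.txt format.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)
// Constructed sample; one entry per line with '#' comments is an assumed layout.
const sampleBlacklist = "# constructed sample\n203.0.113.7\n198.51.100.0/24\n2001:db8:dead::/48\n"

// parseBlocklist turns single addresses and CIDR ranges into prefixes.
func parseBlocklist(text string) ([]netip.Prefix, error) {
	var list []netip.Prefix
	for _, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		p, err := netip.ParsePrefix(line)
		if err != nil { // not CIDR: treat as a single host address
			a, aerr := netip.ParseAddr(line)
			if aerr != nil {
				return nil, fmt.Errorf("bad blocklist entry %q", line)
			}
			p = netip.PrefixFrom(a.Unmap(), a.Unmap().BitLen())
		}
		list = append(list, p.Masked())
	}
	return list, nil
}

// isBlocked fails closed: input that does not parse as an IP counts as blocked.
func isBlocked(list []netip.Prefix, ip string) bool {
	addr, err := netip.ParseAddr(ip)
	if err != nil {
		return true
	}
	// Contains never matches an IPv4-mapped IPv6 address against an IPv4 prefix.
	addr = addr.Unmap()
	for _, p := range list {
		if p.Contains(addr) {
			return true
		}
	}
	return false
}

func main() {
	list, err := parseBlocklist(sampleBlacklist)
	fmt.Println(isBlocked(list, "::ffff:198.51.100.9"), isBlocked(list, "1.2.3.4"), err)
}
```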
Deployment & Configuration
- Configured via environment variables:
  - DNSBOX_DOMAIN
  - DNSBOX_IP
  - DNSBOX_NS_NAME
  - DNSBOX_DEBUG
- One-liner installation via curl | bash with systemd unit setup
- Supports --force-resolv to disable systemd-resolved
- Supports --debug to enable verbose logging
How to Get an SSL Certificate for an IP Address
Traditional CAs (Certificate Authorities) don’t issue SSL certificates directly for IP addresses. DNSBox is a unique service that bypasses this limitation using dynamic DNS injection. Just use a subdomain like IP.dnsbox.io, and we’ll validate it via Let’s Encrypt — issuing a working HTTPS certificate in seconds.
It’s the perfect solution when you need an SSL certificate for a server over IP, HTTPS for APIs without a domain, or you’re building with IoT, test environments, or tunnels where domain registration isn’t feasible.