Securing a 'secret' web server

[peterH]

Several years ago I added a web server to a desktop app thereby allowing users to access certain parts of the app functionality from a tablet and this has worked fine all along.
The tablet reach the app by using ip address and a port number that was opened in the firewall. Neither the ip or the port no are 'officially published' (but they may/will of course be found by bots etc.)

Now the customer wants a secured connection to the web server (thanks to GDPR!).

So my question is: can I use the built-in LE support for this since there's no registered domain and since they're using an 'odd' port number? Or is the right solution simply to set up a real web server for this purpose? (I suspect the latter).

Peter

[Bruce]

<< Now the customer wants a secured connection to the web server

you don't have a domain, but you can still generate a certificate for the server. (just set the domain name to the server name, like DAISY or whatever it is. No periods in the domain name.)

The connection will be secure, but "untrusted". So the first time the tablet goes there they'll get a warning and need to add an exception to the browser. But then the connection is still secure after that (although more subject to man-in-the-middle attacks.)

cheers
Bruce