While traditionally SSL/TLS certificates are issued for domain names, it is possible to obtain them for public IP addresses. Here's how you can get an SSL certificate for an IP address:
Ensure You Control the Public IP Address:
You must have control over the specific public IP address you wish to secure. Certificate Authorities (CAs) need to verify this control.
Generate a Certificate Signing Request (CSR):
You will need to generate a CSR on your server, specifying the IP address as the Common Name (CN) or as a Subject Alternative Name (SAN) in the request. Tools like OpenSSL can be used for this.
openssl req -new -newkey rsa:2048 -nodes -keyout your_ip_address.key -out your_ip_address.csr
During CSR generation, when prompted for the Common Name, enter your public IP address. If you use SANs, include the IP in the SAN extension through a configuration file.
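The SAN configuration file mentioned above, as an added example that is not part of the original page: it writes the config, generates the key and CSR without prompts, and checks that the address landed in the SAN as an IP-type entry rather than a DNS name. The address 203.0.113.10 is a constructed documentation address, and the function names and the ip_csr.cnf file name are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page.
# Usage: sh ip_csr.sh 203.0.113.10   (constructed RFC 5737 documentation address)

# Write an OpenSSL config with the address as CN and as an IP-type SAN,
# then create the key and CSR without interactive prompts.
make_ip_csr() {
    ip="$1"; outdir="$2"
    cat > "$outdir/ip_csr.cnf" <<EOF
[req]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[dn]
CN = $ip

[v3_req]
subjectAltName = @alt_names

[alt_names]
IP.1 = $ip
EOF
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$outdir/ip_csr.cnf" \
        -keyout "$outdir/your_ip_address.key" \
        -out "$outdir/your_ip_address.csr" 2>/dev/null
}

# Return 0 only if the CSR's SAN extension lists the address as an
# "IP Address:" entry. A "DNS:" entry holding the same digits does not count.
csr_has_ip_san() {
    csr="$1"; ip="$2"
    openssl req -in "$csr" -noout -text \
        | sed -n '/Subject Alternative Name/{n;p;}' \
        | tr ',' '\n' | sed 's/^ *//' \
        | grep -Fxq "IP Address:$ip"
}

if [ "$#" -eq 1 ]; then
    make_ip_csr "$1" . && csr_has_ip_san your_ip_address.csr "$1" \
        && echo "CSR carries IP SAN $1"
fi
```

Running the check before submitting the CSR catches the common mistake of writing the address under DNS.1 instead of IP.1 in the alt_names section.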
Choose a Certificate Authority (CA) and Order the Certificate:
Commercial CAs: Many commercial CAs offer IP address certificates. Select a reputable CA and follow their ordering process, submitting your generated CSR.
Let's Encrypt: Let's Encrypt now supports issuing certificates for IP addresses. You will need to use an ACME client (like Certbot or acme.sh) that supports this feature.
Validate Your Control of the IP Address:
The CA will require you to prove ownership or control of the IP address. The common method for this is the HTTP File-based Token DCV (Domain Control Validation) method, where you upload a specific file containing a unique token to a designated location on your web server, accessible via HTTP/HTTPS on that IP address.
Install the SSL Certificate:
Once the CA validates your control and issues the certificate, download it along with any intermediate certificates provided. Install these on your server according to the instructions for your specific web server software (e.g., Apache, Nginx, IIS).
Automate Renewal (for Let's Encrypt):
If using Let's Encrypt, automate the certificate renewal process, as these certificates typically have a shorter lifespan (e.g., 90 days). Your ACME client can usually handle this.
Important Considerations:
Public IP Addresses Only:
Publicly trusted CAs cannot issue SSL certificates for private or reserved IP addresses (e.g., 192.168.x.x, 10.x.x.x).
Validation Method:
Be prepared for the HTTP File-based Token DCV method, as it's the primary way CAs validate control of an IP address.
Browser Compatibility:
While modern browsers generally support SSL for IP addresses, older systems or specific configurations might behave differently, especially older Windows versions when the IP appears only in the SAN field.