How to prevent certificate error if someone uses the IP instead of the domain name?

[PredatorVI]

The whole proxy thing is new to me so I apologize for the n00b question.

My router firewall port forwards 443 to my nginx-proxy-manager instance. I have a domain and a few subdomains that are working just fine with certificates from LetsEncrypt.

If someone uses my public IP (e.g., https://1.2.3.4) I have a 'Redirection Host' setup to return a 301 and redirect to the domain (e.g., https://mydomain.com).

However, if the user goes to https://1.2.3.4 I get a certificate error, because the certificate is for mydomain.com. If I accept the risk and proceed, the redirect happens to the correct site just fine.

Is there a way to prevent the certificate error? I don't believe I can get a certificate for an IP address and I don't know if it is possible to redirect to the domain (e.g., https://mydomain.com) before the TLS handshake happens which is where the certificate error happens. Maybe just disabling 443 when using the IP? I'm not sure that even makes sense.

Thanks for any insight.

[troubleshootme]

I believe Globalsign does this, let's encrypt does not.