Glad you were able to get it working, @Amal!
In general, that configuration requires the (sub)domain that the SSH certificate was issued for.
It's not because SSH certificates can't be issued for IPs. This is because it's a lot harder to verify the ownership of an IP than it is to verify the ownership of a domain. You could use an IP with a self-signed cert using the custom SSL configuration path but currently neither Collect nor Enketo will accept self-signed certs. This is under discussion and may change.
It takes more effort up front to securely set up SSL but the security benefits are worth it in most contexts. I know that it's annoying for demo or test servers but the danger is that demo or test servers can become production servers out of forgetfulness/laziness/lack of knowledge and that could be dangerous for sensitive data.