Here's an entry from my error log:
2021.06.30@1524 JST *** 404
/api.php?key=1 from http://216.92.213.57/api.php?key=1
Googlebot/2.1 (+http://www.google.com/bot.html)
(Meaning: missing file /api.php?key=1; refer®er was 216...)
Fairly obviously this is some kind of hack, but I wondered what the numeric IP address was. So it pasted it in, and Firefox went into a convulsion: cannot verify certificate etc etc, hackers, damage your computer, bank account, spontaneous combustion, the lot. I persisted in taking the RISK, and looked at http://216.92.213.57 - ha! It's my own site, imaginatorium.com.
Since access to the website (imaginatorium.com) works without problem, how could the "certification" be any different using the numeric address?
I admit I do not understand this stuff, but most explanations seem to start with logical confusion, then go downhill. Suppose I click a link to a site whose owners I do not know (most links, of course); what dangers could befall me if the page does not have a valid https certificate, which could not befall me if it did??