SSL Certificates and Remote Access/DNS Pro

Michael.R.Taylor-Oracle Posts: 255 Employee
edited October 2019 in Dyn Community

Commonly, a user will request to add an SSL certificate to a hostname they use via their Remote Access/DNS Pro service. Unfortunately, regardless of reason or use case, this simply is not possible.

In short, SSL Certificates are associated with the server and Common Name, not the IP address, making them incompatible with the Remote Access/DNS Pro service. You can apply an SSL certificate in conjunction with other Oracle Dyn DNS services using your own registered domain, including Standard DNS and Managed DNS. All SSL configuration and management in these cases would be done without involvement of your DNS service or account and should require no additional support from Oracle Dyn.

Please note that we (Oracle Dyn) are not an SSL certificate provider.


Comments

  • snailhead
    snailhead Member Posts: 3
    edited September 2019

    To get around this issue, I recommend users of DynDNS consider "Let’s Encrypt" and Certbot.

    Because we cannot add a TXT record in DynDNS, wildcard SSL certs won't work unless Oracle adds that as an offering.

  • a7e8e9cf-b8c9-41fa-b82a-cb0900370b2a
    edited October 2019

    Yes, LetsEncrypt/CertBot works great with DynDNS.

  • User_GIIZ1
    User_GIIZ1 Member Posts: 0 Green Ribbon

    Digicert claim that DynDNS have requested they not sell certificates for DynDNS sub-domains. This is despite one of their domain control validation methods (File DCV - https://docs.digicert.com/manage-certificates/dv-certificate-enrollment/domain-control-validation-dcv-methods/use-file-dcv-method/) being easy to achieve for most setups; however, it fails for DynDNS sub-domains. A packet capture of traffic arriving at the host shows Digicert don't even attempt to validate the file. The response from Digicert's helpdesk was "You are authorized to use a sub-domain of dyndns.org but you do not own the base domain. The owner of the base domain (dyndns.org) has asked us not to validate their domain in our systems and we have to honor that."

    This seems like a pretty non-technical answer, as does the statement in the post above "Unfortunately, regardless of reason or use case, this simply is not possible". Why is that "simply not possible" when Let's Encrypt works? What is the actual technical reason, or is this some form of collusion or anti-competitive behaviour?
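
Added illustration (not part of any post above, and not Oracle Dyn, Let's Encrypt or Certbot code): a Python sketch of what an ACME CA (RFC 8555) checks for the two validation routes the comments mention. File-based http-01 validation needs only a file served by the host, while the dns-01 validation that Let's Encrypt requires for wildcard names needs a TXT record in the zone. The hostname, token and account key below are constructed sample values, and `plan_validation` is a hypothetical helper name.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Unpadded base64url, as ACME and JWK thumbprints use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, keys sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def plan_validation(identifier: str, token: str, account_jwk: dict) -> dict:
    """Return what must be published for the CA to validate `identifier`."""
    key_auth = f"{token}.{jwk_thumbprint(account_jwk)}"
    if identifier.startswith("*."):
        # Let's Encrypt validates wildcard names with dns-01 only, so the
        # applicant must be able to create a TXT record in the DNS zone.
        return {
            "challenge": "dns-01",
            "needs_txt_record": True,
            "txt_name": "_acme-challenge." + identifier[2:],
            "txt_value": b64url(hashlib.sha256(key_auth.encode("ascii")).digest()),
        }
    # http-01: the CA fetches a file over port 80 from the host the name
    # resolves to; no change to the DNS zone is needed.
    return {
        "challenge": "http-01",
        "needs_txt_record": False,
        "url": f"http://{identifier}/.well-known/acme-challenge/{token}",
        "body": key_auth,
    }

if __name__ == "__main__":
    # Constructed sample values: not a real key, token or hostname.
    jwk = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
    for name in ("myhost.dyndns.org", "*.myhost.dyndns.org"):
        print(name, plan_validation(name, "constructed-token", jwk))
```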
