Forum Stats

  • 3,875,076 Users
  • 2,266,801 Discussions


SSL Certificates and Remote Access/DNS Pro

Michael.R.Taylor-Oracle Posts: 255 Employee
edited Oct 20, 2019 7:02AM in Dyn Community

Commonly, a user will request to add a SSL certificate to a hostname they use via their Remote Access/DNS Pro service. Unfortunately, regardless of reason or use case, this simply is not possible.

In short, SSL Certificates are associated with the server and Common Name, not the IP address, making them incompatible with the Remote Access/DNS Pro service. You can apply SSL certificate in conjunction with other Oracle Dyn DNS services using your own registered domain, including Standard DNS and Managed DNS.  All SSL configuration and management in these cases would be done without involvement of your DNS service or account and should require no additional support from Oracle Dyn.

Please note that we (Oracle Dyn) are not a SSL certificate provider.



  • snailhead
    snailhead Member Posts: 3
    edited Sep 10, 2019 5:32PM

    To get around this issue, I recommend users of DynDNS consider "Let’s Encrypt" and Certbot.

    Because we cannot add a TXT record in DynDNS, wildcard SSL certs won't work unless Oracle adds that as an offering.

  • User_OWFKE
    User_OWFKE Member Posts: 9 Red Ribbon
    edited Oct 20, 2019 7:02AM

    Yes, LetsEncrypt/CertBot works great with DynDNS.

  • User_GIIZ1
    User_GIIZ1 Member Posts: 4 Green Ribbon

    Digicert claim that DynDNS have requested they not sell certificates for DynDNS sub-domains. This is despite one of their domain control validation methods (File DCV - being easy to achieve for most setups, however it fails for DynDNS sub-domains. A packet capture of traffic arriving at the host shows Digicert don't even attempt to validate the file. The response from Digicert's helpdesk was "Your are authorized to use a sub-domain of but you do not own the base domain. The owner of the base domain ( has asked us not to validate their domain in our systems and we have to honor that."

    This seems like a pretty non-technical answer, as does the statement in the post above "Unfortunately, regardless of reason or use case, this simply is not possible". Why is that "simply not possible" when Let's Encrypt works? What is the actual technical reason, or is this some form of collusion or anti-competitive behaviour?