Forum Stats

  • 3,727,123 Users
  • 2,245,325 Discussions
  • 7,852,604 Comments

Discussions

How to make SSL certificate work for site behind router

User_A3KPS
User_A3KPS Member Posts: 3 Green Ribbon
edited April 20 in Dyn Community

Hi,

I have a web server running on a PC, connected to a router. The site running on that PC server can be accessed via the router IP address plus port number. That is why I use dyndns.info, to have a fixed URL for the site.

All is well with http. But I would like to have it secured, i.e. use https with a valid certificate.

How can that be done?

Thank you!

Tagged:

Answers

  • User_GIIZ1
    User_GIIZ1 Member Posts: 0 Green Ribbon

    Did you find an answer to your question? I tried to purchase a Digicert certificate yesterday and was told that DynDNS had requested them not to generate certificates for DynDNS domains. I've managed to get a Let's Encrypt certificate, but it has to be renewed every three months, so was hoping for a more permanent solution.

    Thanks!

  • User_A3KPS
    User_A3KPS Member Posts: 3 Green Ribbon
    edited April 21

    No, I don't think it is possible. What I found out so far is that any good domain service has DynDNS integrated, so it can easily be used with your own domain. Like that, there should be no issue with certificates. Most hosters also have Let's Encrypt integrated, meaning you can set it up with a few clicks and it will renew itself automatically each year.

    My issue is a bit special, because my client set up his personal server and dyndns.info himself and I don't know his setup well. So if I could use https while keeping dyndns.info, that would make it easier. But, as I said, I don't think it is possible. Therefore I'm trying to convince my client to switch.

    Unless somebody here has a better idea ...

    (About Digicert: Normally you can only create a valid certificate (not self-signed) for a domain that you own. And you don't own dyndns.info ;-)

  • User_GIIZ1
    User_GIIZ1 Member Posts: 0 Green Ribbon

    Thanks for the info on good domain services, however my situation is also special - my client has a number of services running locally, so a good domain service is no help. A static IP address is possible (so the dynamic DNS aspect of DynDNS isn't important), but a few services need a certificate to be signed with (so incoming connections can trust the service, and ensure that communications are automatically encrypted). I suppose I could buy a domain and manually manage the DNS details, but DynDNS has been working fine till now.

    I'm not trying to create a certificate for the base dyndns.org domain - my certificate will only be used for a sub-domain. Surely certificates don't apply to a single domain level? This seems like a petty commercial decision rather than one forced by limitations in the technology. As I said, Let's Encrypt worked fine for the sub-domain of dyndns.org, but it was painful as each few months I had to install a new certificate (and any updated intermediate certificates) in each of the services that rely on SSL.

    It looks like Digicert cannot provide the service I need - are there any other certificate providers who aren't in cahoots with Oracle?

  • User_A3KPS
    User_A3KPS Member Posts: 3 Green Ribbon

    If you use your own domain to connect to the router, then you can install your certificate for that domain on the router (if the router has that feature, mine does). With a fixed IP you don't need DynDNS. But if you do need DynDNS, then with a good domain service you can have it with your own domain.

    I don't think it matters much if the certificate is for domain or sub-domain. Using a certificate for a sub-domain where you don't own the domain seems like a bad idea, even if it works. If it's ok for you, go ahead ...

    There are different certificates, some just for a single (sub-)domain, some for wildcard domains, the latter usually more expensive. I don't know about Let's Encrypt, if they do wildcard domains, too. I'd be surprised if they don't.

    I'd also be surprised if this was only an Oracle issue. Please post your solution here, if you find one.

Sign In or Register to comment.