This site is currently read-only as we are migrating to Oracle Forums for an improved community experience. You will not be able to initiate activity until January 30th, when you will be able to use this site as normal.

    Forum Stats

  • 3,890,116 Users
  • 2,269,775 Discussions


How to make SSL certificate work for site behind router

User_A3KPS Member Posts: 5 Green Ribbon
edited Apr 20, 2021 3:29PM in Dyn Community


I have a web server running on a PC, connected to a router. The site running on that PC server can be accessed via the router IP address plus port number. That is why I use, to have a fixed URL for the site.

All is well with http. But I would like to have it secured, i.e. use https with a valid certificate.

How can that be done?

Thank you!



  • User_GIIZ1
    User_GIIZ1 Member Posts: 4 Green Ribbon

    Did you find an answer to your question? I tried to purchase a Digicert certificate yesterday and was told that DynDNS had requested them not to generate certificates for DynDNS domains. I've managed to get a Let's Encrypt certificate, but it has to be renewed every three months, so was hoping for a more permanent solution.


  • User_A3KPS
    User_A3KPS Member Posts: 5 Green Ribbon
    edited Apr 21, 2021 12:46PM

    No, I don't think it is possible. What I found out so far is that any good domain service has DynDNS integrated, so it can easily be used with your own domain. Like that, there should be no issue with certificates. Most hosters also have Let's Encrypt integrated, meaning you can set it up with a few clicks and it will renew itself automatically each year.

    My issue is a bit special, because my client set up his personal server and himself and I don't know his setup well. So if I could use https while keeping, that would make it easier. But, as I said, I don't think it is possible. Therefore I'm trying to convince my client to switch.

    Unless somebody here has a better idea ...

    (About Digicert: Normally you can only create a valid certificate (not self-signed) for a domain that you own. And you don't own ;-)

  • User_GIIZ1
    User_GIIZ1 Member Posts: 4 Green Ribbon

    Thanks for the info on good domain services, however my situation is also special - my client has a number of services running locally, so a good domain service is no help. A static IP address is possible (so the dynamic DNS aspect of DynDNS isn't important), but a few services need a certificate to be signed with (so incoming connections can trust the service, and ensure that communications are automatically encrypted). I suppose I could buy a domain and manually manage the DNS details, but DynDNS has been working fine till now.

    I'm not trying to create a certificate for the base domain - my certificate will only be used for a sub-domain. Surely certificates don't apply to a single domain level? This seems like a petty commercial decision rather than one forced by limitations in the technology. As I said, Let's Encrypt worked fine for the sub-domain of, but it was painful as each few months I had to install a new certificate (and any updated intermediate certificates) in each of the services that rely on SSL.

    It looks like Digicert cannot provide the service I need - are there any other certificate providers who aren't in cahoots with Oracle?

  • User_A3KPS
    User_A3KPS Member Posts: 5 Green Ribbon

    If you use your own domain to connect to the router, then you can install your certificate for that domain on the router (if the router has that feature, mine does). With a fixed IP you don't need DynDNS. But if you do need DynDNS, then with a good domain service you can have it with your own domain.

    I don't think it matters much if the certificate is for domain or sub-domain. Using a certificate for a sub-domain where you don't own the domain seems like a bad idea, even if it works. If it's ok for you, go ahead ...

    There are different certificates, some just for a single (sub-)domain, some for wildcard domains, the latter usually more expensive. I don't know about Let's Encrypt, if they do wildcard domains, too. I'd be surprised if they don't.

    I'd also be surprised if this was only an Oracle issue. Please post your solution here, if you find one.

  • User_GIIZ1
    User_GIIZ1 Member Posts: 4 Green Ribbon

    I was able to resolve my specific issue by moving to NoIP, who offer the same dynamic DNS service but also offer SSL certificates for $19.99/yr (from TrustCor). Now I can host secure services on a dynamic IP address and have a legitimate certificate associated with it. Renewing a Let's Encrypt certificate was possible but couldn't be easily automated since the certificate needs to be loaded into three separate services (a VPN firewall, web mail and API). All I wanted was a certificate that lasted longer than 3 months, and I was willing to pay for it - but Digicert and Oracle didn't want to let that happen for some reason...

  • User_A3KPS
    User_A3KPS Member Posts: 5 Green Ribbon

    Thanks for sharing your solution. This would have been a bit simpler than what we have done.

    Our setup now:

    • Domain moved to good registrar ( who includes DynDNS for free
    • New router that is able to send updated IPs (Fritzbox)
    • SSL certificate bought for $15/yr from InterSSL (excellent service)

    Nowadays, with SSL almost mandatory, will have to follow NoIPs example to keep up (and make extra profit from selling certificates ...)

  • User_OWFKE
    User_OWFKE Member Posts: 9 Red Ribbon

    You should be able to easily auto-renew a LetsEncrypt certificate, and then copy, or symlink that into the three services (or auto-renew three separate certificates, if you need them to point to different hosts). If you buy certificates cheap, then maybe it's not worth it, but it can be done for free.

  • User_A3KPS
    User_A3KPS Member Posts: 5 Green Ribbon

    Thanks for the suggestion. I don't see how to make this work on shared hosting with no direct server access. Would you have details, a link to instructions perhaps?

    Anyway, it's about $15/yr for the certificate, and dynamic DNS is included for free by the domain registrar, so probably not worth the effort in our case.