Add a certificate to an entire ddns.net host

Hello, I have a ddns.net host (made from No-IP) and I wanted to know if it’s possible to associate a cert with the entire domain instead of the single applications on the server.
Let me explain myself better.

Let’s say I have an Apache2 Server listening on port 80, and a Jupyter Notebook listening on port 8888. Both are reachable from outside the private LAN of the server.
I generated the cert with certbot certonly and installed them both into the apache2 server and the jupyter config, everything works and the connections are encrypted.

Is there a way, however, to have the certificates “installed” into the hostname, without setting up the SSL cert for every application running on my server?

If it’s useful at all, my server OS is Ubuntu 18 LTS.

Thank you in advance!

2 Likes

Certificates themselves don’t do anything; they don’t take any action.
It’s almost like a bullet, which can be fired by a gun but by itself doesn’t do much.

There is no single place to insert/apply a cert to encrypt everything on your system.
The closest thing to that is a VPN, but even that doesn’t modify the actual content; it only secures the connection to the other VPN endpoint. Before and after those points things are as they were before.

So, no, there really is no single-step way to do what you are asking (encrypt everything).
[if I understood you correctly]

Each individual service would have to support encryption and then be configured to use the LE cert to encrypt with.

2 Likes

Hi @crissal

The hostname doesn’t exist. That’s a name, nothing else.

There are DNS entries: domain names -> IP addresses.

So if the user wants to load subdomain.ddns.net, DNS says: “Contact that IP address”.

A port is contacted. A program must be running there.

So if that program should use encryption, you have to install a certificate, so that program is able to use it.

1 port + 1 program -> one installation.

100 ports + 100 programs -> 100 installations.

3 Likes

Oh ok, thank you very much both of you!

I asked because in the control panel of ddns.net there is an option to buy an SSL certificate for an entire hostname, but maybe I misunderstood something.

3 Likes

That may be a wildcard certificate.

So if you have subdomains, you don’t need a certificate per subdomain.

Instead, you can use one wildcard. But you have to install the wildcard certificate on every program / port.

But: Let’s Encrypt allows creating wildcard certificates. Only limitation: DNS validation is required, not HTTP validation.

2 Likes

Excuse my ignorance, but what do you mean by DNS validation?

1 Like

You must prove you are the domain owner.

There are some different challenge types to do that.

Certificate with domain names -> HTTP or DNS validation (or ALPN, but there are not many clients)
Certificate with wildcard -> dns validation

3 Likes

Perfect, thank you for your patience and clarity!

4 Likes
