Create SSL Certificate for secure WebSocket


#1

Hello,

I am developing a stand-alone server in Python 3 and want to use secure WebSockets. I did try to create a developer certificate for initial testing, but it looks like modern browsers do not like it.
How do you create and renew a certificate for server-side secure WebSockets for my domain (I need to register it)?
Again, I am not using a traditional web server like Apache etc., if that makes a difference.

Let's say I have mydomain.com. What are the exact switches to create and renew a certificate for my purpose?
I am assuming registration and renewal must always be done from the server that the domain belongs to?
Does it make a difference if my server later on will be behind a firewall or load balancer?

Also a separate question: is it possible to create a certificate for DDNS? Or does it have to be my own full domain?


#2

Hi @oxoocoffee

You need a publicly visible and unique domain, and you have to prove that you are the domain owner. There are two main versions:

  • http-01 challenge: a special file under /.well-known/acme-challenge, via port 80 / a running web server
  • dns-01 challenge: a special DNS TXT entry _acme-challenge.yourdomain.com with a special value

So if you want to use http-01, there must be a publicly visible web server with yourdomain -> A record with the IP of this server. But there are clients that are able to create a temporary web server, so you do not need your own. But you need an open port. http-01 is wonderful if there is already a running website.

If you use dns-01, this is irrelevant. Your DNS provider should support an API. There are Letsencrypt clients (like acme.sh) with a lot of supported DNS plugins. dns -> you only need a DNS entry, no open port / running web server etc.

What does DDNS mean? You always need a Fully-Qualified Domain Name. But it's irrelevant whether this is your own domain or a sub-sub-subdomain of another service. There are sometimes users with ddns.org subdomains or subdomains of other services.
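The "special file" and "special value" in the two challenges above are both derived from the ACME account key, so here is an added example (not code from either post, and not from any ACME client) that computes them with only the Python standard library and serves the http-01 response the way a "temporary web server" in a stand-alone client would. It assumes an RSA account key in JWK form; the key below is the public-key test vector from RFC 7638, and the token is a constructed placeholder, since a real token is handed to the client by the CA during the order. The http-01 value is `token.thumbprint` served at `/.well-known/acme-challenge/<token>`; the dns-01 value is the base64url SHA-256 of that same string placed in the `_acme-challenge` TXT record.

```python
"""Hypothetical ACME challenge responder (added example, not from the thread).

Computes the http-01 key authorization and the dns-01 TXT value for an ACME
account key (RFC 8555 sections 8.1 and 8.3, thumbprint per RFC 7638) and
serves the http-01 answer from a tiny stand-alone HTTP server.
"""
import base64
import hashlib
import json
import re
import sys
from http.server import BaseHTTPRequestHandler, HTTPServer

# Sample account public key: the RSA JWK test vector from RFC 7638 section 3.1.
# A real client would derive this from its own account private key.
SAMPLE_ACCOUNT_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
}

# Constructed placeholder; the CA issues the real token with the challenge.
SAMPLE_TOKEN = "example-token-not-from-a-CA"

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# ACME tokens are base64url without padding; anything else is not a token.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as used throughout ACME/JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required public members only, keys sorted,
    no whitespace. Extra members such as 'kid' or 'alg' must be excluded."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """http-01 body: the token joined to the account key thumbprint."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(token: str, jwk: dict) -> str:
    """dns-01 TXT record value for _acme-challenge.<name>: base64url(SHA-256(keyauth))."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)


def http01_response(path: str, pending_tokens: set, jwk: dict):
    """Map a request path to (status, body). Only tokens the client is
    currently answering are served; everything else is 404, so the
    responder cannot be used to probe or serve arbitrary paths."""
    if not path.startswith(CHALLENGE_PREFIX):
        return 404, b""
    token = path[len(CHALLENGE_PREFIX):]
    if not TOKEN_RE.match(token) or token not in pending_tokens:
        return 404, b""
    return 200, key_authorization(token, jwk).encode("ascii")


def make_handler(pending_tokens: set, jwk: dict):
    class Http01Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            status, body = http01_response(self.path, pending_tokens, jwk)
            self.send_response(status)
            self.send_header("Content-Type", "application/octet-stream")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep the validation run quiet
            pass

    return Http01Handler


def serve_http01(pending_tokens: set, jwk: dict, port: int = 80) -> None:
    """Temporary web server for the validation; port 80 needs privileges."""
    HTTPServer(("", port), make_handler(pending_tokens, jwk)).serve_forever()


if __name__ == "__main__":
    print("http-01 file content :", key_authorization(SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK))
    print("dns-01 TXT value     :", dns01_txt_value(SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK))
    if "--serve" in sys.argv:
        serve_http01({SAMPLE_TOKEN}, SAMPLE_ACCOUNT_JWK, port=8080)
```

Run it with `--serve` and request `http://localhost:8080/.well-known/acme-challenge/example-token-not-from-a-CA` to see the body a CA would fetch (a real validation fetches over port 80 on the name in the A record). The dns-01 value is what a DNS-plugin client writes into `_acme-challenge.yourdomain.com` before asking the CA to validate, which is why no open port is needed for that method.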