Dynamic DNS provider desec.io can be used with Let's Encryt


The German dynamic DNS provider deSEC just announced that it can be used with Let’s Encrypt:

Dear dynDNS enthusiast,

During the recent past, many of you contacted us about technical issues
in the context of obtaining SSL/TLS certificates from Let’s Encrypt. In
particular, there was a limit on how many certificates would be issued
every week under our public suffix dedyn.io. Since both our dynDNS
service and Let’s Encrypt gained some popularity since 2015, this
limitation became more and more of a problem to many users.

We discussed the issue with the concerned parties, and yesterday night,
Let’s Encrypt has finally lifted the restriction. This means that you
can now request a free SSL/TLS certificate for your *.dedyn.io hostname!

As you know, our DNS service is already DNSSEC-secured, which means that
nobody can tamper with the IP address associated with your dynDNS
hostname. However, once the DNS has done its job and your hostname has
been translated to your IP address, the rest of the connection is not
automatically private – that needs to be set up on the server side. We
therefore encourage all our users to raise the security bar further, by
making use of these new encryption opportunities!

For instructions on how to obtain and install a certificate, please
refer to the Let’s Encrypt documentation:

If the above was cryptic for you, here’s some background: Let’s Encrypt
allows you to safely use HTTPS and other encrypted protocols by
providing TLS/SSL certificates at no cost. Besides enabling encryption,
this allow clients to verify the server’s identify. You can use this,
for example, to can set up secure web sites with our dynDNS service.

Finally, we would like to remind you that our service currently runs
non-profit. If you like what we’re doing, please consider sending us a
donation: https://desec.io/#!/en/donation

Stay safe,


I wonder what exactly was changed yesterday night…
AFAIK the provider has already been included in the public suffix list for some time, so it should already have been possible to use it for some time.


Let’s Encrypt’s Boulder CA updated to revision 4df33ef (the revision’s actual name is a longer string of hex digits, but that’s good enough to find it for the foreseeable future) on 12 July

This revision switched from relying on a Go package which had a rather old Public Suffix List to one dedicated to updating this list about once a week. As a result, all PSL changes more than week old are now live in Let’s Encrypt, including desec.io


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.