Help getting certificate with dynamic DNS and a legit .us domain name


#1

My server is Ubuntu Server 16.04, my web server software is Nginx and I am currently hosting a wordpress website. My current goal is to replace our present squarespace website with an in-house setup of wordpress. Right now I’m using DuckDNS for my dynamic DNS service and I’m getting my .us domain name from Google’s domain name service. Now to my understanding I can just go to my admin page on Google and tell it to point to my .duckdns.org domain name and when people go to my .us domain name, their browser will show my .us address correct? My final thing is my certificate is tied to my .duckdns.org subdomain name. Will I have to issue a new certificate to my .us address and also add that .us name to my nginx config file? I’m using the most current version of certbot, and not the version packaged in Ubuntu 16.04


#2

This also depends on what Google does in the same way as the previous question. If they send a 301 redirect, then no; if they set a DNS CNAME, then yes. These questions have the same answer in this case because the certificate needs to cover whatever name might be shown in the browser address bar when connected to your server.


#3

Understood! Thank you schoen, I will look into that. So to my understanding then, if I can use a CNAME DNS alias record with Google, I would delete my old certs on my server, change my server_name in my nginx site config file to my .us domain, and then with certbot, have my -d argument contain my .us address?


#4

That’s right if you never expect people to use the duckdns name directly to access your site in a browser. It only needs to be a part of the certificate if there’s a reason why the browser would try to load a URL containing that name (which there definitely would be with the redirect form).

If you’re not sure, you could also try to get a certificate including both names.


#5

So I am presently working on this right now, and Google does in fact support CNAME records. I haven’t quite yet gotten to the certificate part because I am still stuck on getting this to work. Currently, I have my record set up like this:

Name Type TTL Data
www.hickstrucking.us CNAME 1h hickstruckinginc.duckdns.org

In my proxy configs, i set a rule so that if I get a www.hickstrucking.us, it will pass to the right internal server, and in nginx I have the server_name for port 80/443 to be set to hickstruckinginc.duckdns.org and www.hickstrucking.us. My problem is despite the CNAME it appears I am still being forwarded to my duckdns.org domain name which I’m trying to obfuscate. Any thoughts?


#6

UPDATE: it changed to a 404 immediately after posting


#7

I actually got it working! no need to do any certificate renewals for my .us domain. I can continue to use my duckdns domain for my certs and there’s no errors. Will mark what you said as the solution


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.