OK, my setup has a lot of moving parts so bear with me.
I’m currently hosting a private cloud service on an Ubuntu server box in my house. Since my public IP is dynamic, I got myself a DDNS domain from DuckDNS so I could access my cloud service via that DDNS domain (i.e. “mynetwork.duckdns.org”). That part is already set up and working great.
I then installed certbot on the Ubuntu box to obtain, install and renew a Let’s Encrypt certificate for my private cloud system, which uses Apache. That part is also up and running great.
This cloud service is actually for my small company, which creates a problem for me when I share anything from my cloud service, since the URL that is being produced is something like https://mynetwork.duckdns.org/something-something, which is just unprofessional.
To solve this, and since my company has its own domain, I created a subdomain (i.e. “cloud.mycompany.com”) and pointed it to my DuckDNS domain via a CNAME record entry. That part is working great as well.
But if I access my cloud service via my subdomain, I get a certificate warning saying that the URL used to access the webpage (“cloud.mycompany.com”) doesn’t match the URL of the SSL certificate (“mynetwork.duckdns.org”).
This is where I’m getting stuck.
I thought that the solution was to install an SSL certificate for the subdomain. So, I went to HostGator (since they are the ones managing my domain and hosting my webpage), installed one of the free SSL certificates that they offer and applied it to my subdomain.
Well, this produces the same result as before with the same warning as before. The webpage loads the certificate from the DDNS domain and completely ignores the one for the subdomain.
I then thought about using certbot on my Ubuntu box to request a certificate for my HostGator subdomain, save the certificates locally and install them via the Apache conf files. Well, this cannot be done, as HostGator doesn’t have an API to update the TXT DNS records.
So, what is the proper way to implement a Let’s Encrypt SSL certificate when we have a subdomain pointing to a DDNS service?
I’m sure I cannot be the only person in the world with this scenario.
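
The warning described in the post, as an added example that is not part of the original post: a TLS client compares the hostname from the URL with the names in the certificate the server presents, and the CNAME only decides where the connection goes. The helper names and the SAN lists below are constructed for illustration, using the example hostnames from the post.

```python
# Added illustration: how a client decides whether a certificate covers a name.
# All data below is constructed; function names are hypothetical.

def san_matches(san: str, hostname: str) -> bool:
    """Compare one dNSName entry of a certificate with the requested hostname."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # A wildcard stands for exactly one leftmost label.
        return len(san_labels) > 2 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def certificate_covers(sans, hostname: str) -> bool:
    """True if any name in the certificate matches the requested hostname."""
    return any(san_matches(san, hostname) for san in sans)


# Constructed DNS data: the company subdomain is an alias for the DDNS name.
CNAME = {"cloud.mycompany.com": "mynetwork.duckdns.org"}

# Constructed name lists for two possible certificates on the home server.
DDNS_ONLY_CERT = ["mynetwork.duckdns.org"]
BOTH_NAMES_CERT = ["mynetwork.duckdns.org", "cloud.mycompany.com"]


def browser_check(url_host: str, served_sans) -> dict:
    """Model of the client side: DNS picks the endpoint, the URL host is verified."""
    connects_to = CNAME.get(url_host, url_host)
    # The CNAME target is never substituted into the name comparison.
    return {"connects_to": connects_to,
            "trusted": certificate_covers(served_sans, url_host)}


if __name__ == "__main__":
    for host in ("mynetwork.duckdns.org", "cloud.mycompany.com"):
        print(host, "DDNS-only cert:", browser_check(host, DDNS_ONLY_CERT))
        print(host, "both-names cert:", browser_check(host, BOTH_NAMES_CERT))
```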