Obtain certificate for my DDNS domain


#1

Hi,

is it possible to obtain a certificate for my DDNS domain that points to my local PC where I opened ports 80 and 443 only with port forwarding on other posts (e.g. 9480, 9443)?
So when I need to access my PC from the internet I run:

https://mydomain.ddns.net:9443

Thanks


#2

Nope, not unless you can use DNS validation (setting a TXT record on your domain), but that generally is not an option with DDNS providers.


#3

Ah, thanks, that’s a pity!
I just wanted to add a Nextcloud docker container to my PC and to protect it from the internet I wanted to keep ports 443 and 80 not directly opened so I created a port forwarding with other ports.
I also was using a letsencrypt docker companion container to auto obtain a SSL certificate and now I understand why it was not working when using https://mydomain.ddns.net or https://mydomain.ddns.net:9443 as domain.
I think I need to find an alternative.


#4

Maybe I don’t understand your setting. But if port 80 is open, so you should use something like

http://mydomain.ddns.net/.well-known/acme-challenge/test.txt

from outside to get a 404 (file does not exist) or 200 / content of test.txt, if you create such a file.

And if you can load such a file, Letsencrypt can also verify a file /.well-known/acme-challenge/verylongtoken

So you can use the htt-01 - challenge.

The port-forwarding is only internal.

Create such a file and tell your domain name. Then we can test it.


#5

Hi @iiutyik877,

If you don’t mind to change the dynamic dns provider, you could use dynu.com (it is free, allows txt records and has an API) and acme.sh client supports it so you could issue your certificates using it.

I wrote a mini guide a few months ago if you want to take a look.

Good luck,
sahsanu


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.