Some advice with DDNS

WhiteTiger-IT · December 6, 2020, 3:19pm

In my zone there are no wired connections with good speed and I am therefore forced to use LTE connections, without Static IP.
For this reason I have registered a DuckDNS account which I have activated in pfSense.
Then, with BIND, I registered the various subdomains with cname associated with my DuckDNS account.
crm.mydomain.tld IN CNAME MY-ALIAS.duckdns.org.
erp.mydomain.tld IN CNAME MY-ALIAS.duckdns.org.
util.mydomain.tld IN CNAME MY-ALIAS.duckdns.org.
These subdomains are registered on my Debian 10 server in Apache (2.4.38)
This way I can access them via http.
I now want to create SSL certificates with Let's Encrypt and would like to understand:

If I can do it with DuckDNS or do I need to use another DDNS
How to configure the domain.
How to configure the server

I log into my server and name server via SSH or with Webmin.

Thanks in advance.

JuergenAuer · December 6, 2020, 4:16pm

Hi @WhiteTiger-IT

please start with some basics.

Then select a client.

If you have a specific, Letsencrypt-relevant question, your configuration is required.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

rg305 · December 6, 2020, 5:50pm

You should also investigate if your version of Webmin directly supports LetsEncrypt certificates.
If that fails you, please do answer all the questions shown above, so that we can best help you.

Osiris · December 6, 2020, 9:02pm

DuckDNS is only a DNS intermediate party for resolving your IP address. You have your own domain name. I don't expect any issues with this use of DuckDNS.

WhiteTiger-IT · December 7, 2020, 8:51am

Thanks for your answers, but maybe I didn't make myself clear.
I have not specified the domain because it is not on the server yet, in fact I am asking for any advice.
Obviously I'm talking about a registered domain, but at the moment it still points to an ISP.
I know Let's Encrypt which I already use on VPSs.
In some of these, I use Let's Encryprt with Plesk; in others I use it with certbot by connecting via SSH.
I use Webmin for simpler things; I don't use Webmin for Let's Encrypt.
The one I mentioned in the initial post is not a VPS, but a local server where there is no Plesk and I work in SSH.
Until now on VPS I can use on a static IP while on this local server I have to use a dynamic IP.
For example my first problem is that I can't define the A record since it wants an IP and not a domain as in CNAME.
Furthermore, the MX record must have the same IP as the A record.

I was asking for advice on how to proceed, or a reference guide to consult.
I guess I'm not the only one having to register A, MX and CNAME records on a dynamic IP server.

JuergenAuer · December 7, 2020, 10:00am

Again: Your setup / question is unclear.

If you have a domain without an A-record, you can use dns validation:

An A- or CNAME with a public ip address is required if you want to use http validation.

But there are tons of DDNS / DuckDNS users with Letsencrypt certificates. See my own test page - https://check-your-website.server-daten.de/ - there are daily ddns etc with LE.

So (1) - yes. (2) - (3) - unknown. You have to select a challenge type and a client. There is no "general configuration".

Osiris · December 7, 2020, 10:36am

To me, it's unclear where this problem arises. A CNAME should be fine?

Not a problem, just set the MX record to the DuckDNS hostname, I don't see the issue.

Perhaps the main thing I'm worried about is carrier grade NAT on your LTE connection. Are you absolutely sure your LTE device gets a public IP address and not one out of the shared address space 100.64.0.0/10?

rg305 · December 7, 2020, 5:31pm

I think you might be on the wrong forum - that is purely a DNS issue.
[One that can be solved by using CNAMEs]

system · January 6, 2021, 5:42pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.