Skip to main content

AutoSSL issue for DDNS domains

Comments

7 comments

  • cPRex Jurassic Moderator

    Hey there!  We don't have any official documentation on this, but the only way to get AutoSSL working with DDNS would be to have the DNS for the domain by the local cPanel server.  Any http checks would fail since the domain is pointed remotely, so AutoSSL can't create the verification files on the remote server, so the system will have to fall back to the DNS check, which is where you ran into the error.

    If the DNS for the domain in question isn't hosted on the cPanel server, there isn't a way to get AutoSSL to issue the certificate.

     

    0
  • Wei Huang

    Hi cPRex,

    Thank you for responding. The DNS for the domain in question *is* indeed hosted on the cPanel server: I can see the TXT record that the error highlighted present in the zone editor.

    In such a case, can you clarify if the troubleshooting should be focused on why AutoSSL isn't able to execute the DNS check properly? Are there any suggestion on how to approach or reference you can share to similar issues in the past?

    In particular can you also confirm that none of the following will actually resolve the issue and achieve the objective: which is to have an SSL certificate issued to a DDNS domain?

    0
  • Wei Huang

    Suggestions that do not work:

    1. That DDNS should point to hosting server's IP
    2. That I should buy my own SSL certificate and install it
    3. That AutoSSL can only be generated on hosted-subdomain
    4. That DDNS sub-domains should have their own nameservers
    5. That domain control verification will only work with live servers listening at port 80/443

    0
  • Wei Huang

    Also given DNS for the domain in question *is* indeed hosted on the cPanel server, should we expect AutoSSL to be able to generate free SSL certificates for DDNS domains?

    0
  • cPRex Jurassic Moderator

    I did some additional testing with our team on this and confirmed that yes, DDNS domains do work with AutoSSL. 

    Does this command, when run from the server in question, show the correct nameservers for the domain?

    /usr/local/cpanel/3rdparty/bin/perl -MCpanel::DnsRoots 
    -MData::Dumper -e 'print 
    Dumper(Cpanel::DnsRoots->new()->get_nameservers_for_domain("domain.com"));'

    Just replace "domain.com" at the end of that command there with the actual domain you're working with.

    0
  • Wei Huang

    My hosting provider support asserted that

    "Let's Encrypt won't be able to issue a free SSL Certificate for your DDNS Domains. "

    Can you help to confirm if DDNS domains do work with AutoSSL to request SSL certificates from Let's Encrypt?

    Additional context: On my hosted cPanel, AutoSSL is able and already obtained SSL certificates for my hosted domains and sub-domains but not for DDNS.

    I'll see if I can get my hosting provider support to run the above command...

    0
  • cPRex Jurassic Moderator

    Yes, I personally created a DDNS domain on a test machine and AutoSSL had no trouble issuing the certificate when the DNS was local to that server.

    0

Please sign in to leave a comment.