How To:
- Let’s say you like keeping as much money as possible and only spending what is necessary.
- Let’s also say you like the idea of using an industry standard certificate that often has its Root and Intermediate certificates prepopulated in cell phones.
What Why Where?
- Why DYNDNS? …typically due to the business using a dynamic IP address
- they hold the DNS name servers for their entire namespace which is how your DNS records can get instantly updated across the globe when your IP addy changes
- …and you can have your ‘real’ domain name also registered and managed there using this same ‘instant-change’ DNS methodology
- The cert offered by DYNDNS is overpriced at $99/yr. Their other services are extremely price friendly so maybe this isn’t such a big deal. …but then again it’s money you can keep
- Go Daddy often has a Google Search keyword “security certificate” $12.99 SSL cert special. This is the same cert they (Go Daddy) normally charge $45 for. You can purchase from 1-5 years.
Hypothetical Site
- your site: rubberduckies.dyndns.com
your DYNDNS WHOIS information
- it won’t be able to be seen by Go Daddy in order to send you the verification email
- Why? WHOIS queries only happen at the root domain level ….& the root domain DYNDNS.com isn’t owned by you
- The Administrative Contact for that WHOIS query is hostmaster@dyndns.com which BTW isn’t you
- http://whois.dyndns.com
DYNDNS Custom DNS
- Let’s imaging you also paid for a real domain name “rubberduckies4vr.com” with DYNDNS and associate it with your rubberduckies.dyndns.com zone
- It will have the same WHOIS information as above …and the same failed results for a SSL cert issuance validation step
- you can set up your SSL cert with either domain name – that won’t be covered in this post …assuming you understand and would most benefit of using the rubberduckies4vr.com name
SSL certificate issuance steps
- First step –generate a CSR (certificate signing request) – at your IIS server
- Buy a cert – you are really buying a credit which later can get ‘managed’ into a real certificate – at GoDaddy
- Manage the Certificate that is listed under your Go Daddy “My Products”
- Use the cert credit – involves entering the CSR by cut-n-paste from the text file on your PC to the Go Daddy GUI
- Cert goes to a state of ‘pending’
- Go Daddy sends a validation email to the Administrator Contact which requires reception and a reply to prove you actually are authorized from the domain – …but that isn’t you (see WHOIS above) and you don’t get that email
When that fails (see above reason if you have forgotten) you **can** request that Go Daddy send you a 7 digit code to create a TXT record for validation
- adding a DNS record into your domain proves you to be an authoritative person for the domain
- Go Daddy must be called before they email you this
- create the TXT record per their instructions
- you manage your DNS records at DYNDNS (required when using a dynamic IP/DNS account) and that is where this TXT record gets entered
With that TXT alternate validation method in place you return to the Go Daddy certificate management portal and click the link for “What’s holding this up?”
- you will see a window with a link to click to have Go Daddy use the TXT validation
Return to the cert portal and see if the cert has cleared all hurdles and is “issued”
If it isn’t you may have to wait for Go Daddy to manually review your site and request
- I phoned and politely requested that it be moved to the top of the list – and so it went upwards to the top
- took about an hour and your mileage may vary since there are a lot of unknown factors to a manual process …but it will get completed!
Download the certificate
A five year Go Daddy SSL cert just cost you $65. Of course you could have spent $495 with DYNDNS. Please send your grateful donation to me at your discretion. ;-D
