Use a Go Daddy SSL cert with DYNDNS site

How To:

  • Let’s say you like keeping as much money as possible and only spending what is necessary.
  • Let’s also say you like the idea of using an industry standard certificate that often has its Root and Intermediate certificates prepopulated in cell phones.

What Why Where?

  • Why DYNDNS?  …typically due to the business using a dynamic IP address
  • they hold the DNS name servers for their entire namespace which is how your DNS records can get instantly updated across the globe when your IP addy changes
  • …and you can have your ‘real’ domain name also registered and managed there using this same ‘instant-change’ DNS methodology
  • The cert offered by DYNDNS is overpriced at $99/yr.  Their other services are extremely price friendly so maybe this isn’t such a big deal.  …but then again it’s money you can keep
  • Go Daddy often has a Google Search keyword “security certificate” $12.99 SSL cert special.  This is the same cert they (Go Daddy) normally charge $45 for.  You can purchase from 1-5 years.

Hypothetical Site

  • your site:  rubberduckies.dyndns.com

your DYNDNS WHOIS information

  • it won’t be able to be seen by Go Daddy in order to send you the verification email
  • Why?  WHOIS queries only happen at the root domain level ….& the root domain DYNDNS.com isn’t owned by you
  • The Administrative Contact for that WHOIS query is hostmaster@dyndns.com which BTW isn’t you
  • http://whois.dyndns.com

DYNDNS Custom DNS

  • Let’s imaging you also paid for a real domain name “rubberduckies4vr.com” with DYNDNS and associate it with your rubberduckies.dyndns.com zone
  • It will have the same WHOIS information as above …and the same failed results for a SSL cert issuance validation step
  • you can set up your SSL cert with either domain name – that won’t be covered in this post …assuming you understand and would most benefit of using the rubberduckies4vr.com name

SSL certificate issuance steps

  • First step –generate a CSR (certificate signing request) – at your IIS server
  • Buy a cert – you are really buying a credit which later can get ‘managed’ into a real certificate – at GoDaddy
  • Manage the Certificate that is listed under your Go Daddy “My Products”
  • Use the cert credit – involves entering the CSR by cut-n-paste from the text file on your PC to the Go Daddy GUI
  • Cert goes to a state of ‘pending’
  • Go Daddy sends a validation email to the Administrator Contact which requires reception and a reply to prove you actually are authorized from the domain – …but that isn’t you (see WHOIS above) and you don’t get that email

When that fails (see above reason if you have forgotten) you **can** request that Go Daddy send you a 7 digit code to create a TXT record for validation

  • adding a DNS record into your domain proves you to be an authoritative person for the domain
  • Go Daddy must be called before they email you this
  • create the TXT record per their instructions
  • you manage your DNS records at DYNDNS (required when using a dynamic IP/DNS account) and that is where this TXT record gets entered

With that TXT alternate validation method in place you return to the Go Daddy certificate management portal and click the link for “What’s holding this up?”

  • you will see a window with a link to click to have Go Daddy use the TXT validation

Return to the cert portal and see if the cert has cleared all hurdles and is “issued”

If it isn’t you may have to wait for Go Daddy to manually review your site and request

  • I phoned and politely requested that it be moved to the top of the list – and so it went upwards to the top
  • took about an hour and your mileage may vary since there are a lot of unknown factors to a manual process …but it will get completed!

Download the certificate

A five year Go Daddy SSL cert just cost you $65.  Of course you could have spent $495 with DYNDNS.  Please send your grateful donation to me at your discretion. ;-D

Advertisements

4 responses to “Use a Go Daddy SSL cert with DYNDNS site

  1. At the end of 2012, the TXT record process does not work with No-ip.com, as it really requires that your create a subzone/subdomain called DZC, and then attach the 7 character code to it. Using a web page also requires that it be off the main domain. Perhaps this is depend on those you talk to. I was able to get a refund (don’t revoke the pending certificate — let godaddy do it)

    • yikes! – time marches on and things change – the subzone creation is likely a game changer and unsurmountable obstacle in the DYNDNS namespace management capability – FYI, you can also ‘rekey’ aka enter new CSR information into the already purchased GoDaddy Cert should you wish to pursue that.

  2. The price of GoDaddy single site SSL jumped do 59.99 per year (checked 2015-Feb).

    • yes – its amazing how much it jumped! I did some Googling and found some interesting alternatives that were much more reasonable and from good cert. providers – haven’t yet gone through a purchase though so I won’t comment any more than that

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s