ssldnsnginx-reverse-proxylets-encrypt

How to solve the issue with dynamic DSN, router supporting only three DSN vendors and subdomain?


My router, Nighthawk AX5 RAX30, only supports three dns vendors, and only one of them, noip.com, supports using my own domain instead of subdomains from these vendors. But noip.com only sell a package that costs $10/months for 50 domains. I only need one! So, I chose Netgear and created a subdomain mytestsomething.netgear.com. Now, I have a nginx test server on my local home network and I want to expose a test website to the outside world, https://mytestsomething.com with "lets encrypt". But I think that can't generate SSL cert for a subdomain. My test site sits behind nginx reverse proxy.

Any advise on how to deal with these three components to get it working so I can access https://mytestsomething.com will be greatly appreciated. I am open for getting another router, by the way, although this one is only 5 days old. Thanks!


Solution

  • My router, Nighthawk AX5 RAX30, only supports three dns vendors

    Dynamic DNS doesn't need to be done from the router. It can be done from any device on your network, e.g. your web server.

    The only advantage in having the router do it is that the router knows exactly when your IP address changes (and therefore, when an update needs to be made), whereas having the updater run somewhere else means it has to re-check periodically, but that's a very minor problem all things considered.

    For that matter, dynamic DNS doesn't need to be done at all, strictly speaking – it is not what makes the website reachable; it is merely for updating your correct IP address in DNS, and if you could arrange with your ISP that your IP address doesn't change, then dynamic DNS wouldn't be needed at all; just regular DNS.

    But I think that can't generate SSL cert for a subdomain

    Yes, of course it can. Look at all the websites using HTTPS on subdomains. It depends on the verification method done by the certification authority, but e.g. Let's Encrypt uses HTTP-based verification by default – as long as you can receive an ordinary HTTP request at the (sub)domain, you can pass the check required for issuance of a TLS certificate for that (sub)domain. So as far as CAs go, Let's Encrypt is the easiest CA to handle when you have a subdomain.