I’ve succeeded in getting an SSL certificate via Letsencrypt and Duckdns for Nginx, but I would like to know how to deal with the limitation that only certifies subdomains. So if I had a domain fred.duckdns.com, the all the subdomains of fred would be certified, but fred itself gives an “invalid certificate” error.
Is there a way of routing “fred” to “www.fred” so the invalid certificate error does not appear?
I’m sure it’s straightforward, but I am too inexperienced to deal with it!
It looks like I cannot avoid an invalid certificate error if people choose to connect without a subdomain.
The article you referred to confirmed my fears:
First of all your need SSL certificate for both domains theos.in and www.theos.in.
Another option is a SAN certificate or wildcard certificate that protect all first-level subdomains on an entire domain such as *.theos.in including www.theos.in, theos.in, forum.theos.in and more.
Sadly neither option is available with letsencrypt/duckdns
To redirect to www, the server would need to accept the connection at the domain[.ducknds.org] which does not have a certificate thus generating the error. I thought as much. How annoying!
What is misleading is that I see the following after the letsencrypt installation:
duckdns validation is selected
the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org
This led me to believe that a redirection would work. Oh Well!