How do I verify DDCLIENT is using SSL and if it's not, how do I force it?

ssl dns dyndns openvpn ddclient

I have been following this guide on setting up VPN on my pi. Part of the steps are to set up and configure a dynamic dns service. I have created several accounts across multiple platforms. No Ip and dynamicdns are two to name. Below is an output of my ddclient.conf file, it connects fine on both dynamic dns sites. 

daemon=60                               # check every 60 seconds
syslog=yes                              # log update msgs to syslog
mail=root                               # mail all msgs to root
mail-failure=root                       # mail failed update msgs to root
pid=/var/run/ddclient.pid               # record PID in file.
ssl=yes                                 # use ssl-support.  Works with
                                        # ssl-library
use=web, web=myip.dnsdynamic.com        # get ip from server.
server=www.dnsdynamic.org               # default server
login=YOURUSERNAME                      # default login
password=YOURPASSWORD                       # default password
server=www.dnsdynamic.org,              \
protocol=dyndns2                        \
MYDOMAIN.dnsdynamic.COM

My issue is that in this article, they illustrate how to verify if your pi is connecting over SSL. When I run

sudo ddclient -verbose -debug -noquiet -query

it shows connecting over HTTP vs HTTPS or SSL for each site. I verified that ssl was installed by running 

sudo apt-get install ssh libio-socket-ssl-perl

Any ideas on if it's connecting via ssl or how I can force it to? I have ran through this article too. I did see that ddclient stated that it would use SSL if available, I'm wondering if this is a limitation to using a free dynamicdns site or if I'm overlooking something. The articles made it appear as though the sites I'm using like no ip and dnsdynamic support SSL.


Solution 1:

I have found the answer and I feel very silly not figuring it out earlier.

daemon=60                               # check every 60 seconds
syslog=yes                              # log update msgs to syslog
mail=root                               # mail all msgs to root
mail-failure=root                       # mail failed update msgs to root
pid=/var/run/ddclient.pid               # record PID in file.
ssl=yes                                 # use ssl-support.  Works with
                                        # ssl-library
use=web, web=https://myip.dnsdynamic.org        # get ip from server.
server=www.dnsdynamic.org               # default server
login=USERNAME                          # default login
password=PASSWORD                       # default password
server=www.dnsdynamic.org,              \
protocol=dyndns2                        \
YOUR DOMAIN GOES HERE

The above will force SSL and will connect over SSL. There are two changes I have made.

The line use=web, web=myip.dnsdynamic.com should be use=web, web=https://myip.dnsdynamic.org. Changing from .com to .org stops connection failures. Adding https:// prior to the connection string allows it to connect over SSL.

Output from use=web, web=myip.dnsdynamic.org shows:

use=web, web=loopia address is IPADDRESSISHERE
CONNECT:  myip.dnsdynamic.org
CONNECTED:  using HTTP
SENDING:  GET / HTTP/1.0
SENDING:   Host: myip.dnsdynamic.org
SENDING:   User-Agent: ddclient/3.8.2
SENDING:   Connection: close

Output from use=web, web=https://myip.dnsdynamic.org shows:

use=web, web=loopia address is IPADDRESSISHERE
CONNECT:  myip.dnsdynamic.org

The verification of cert '/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA/CN=www.dnsdynamic.org'
failed against the host 'myip.dnsdynamic.org' with the default verification scheme.

   THIS MIGHT BE A MAN-IN-THE-MIDDLE ATTACK !!!!

To stop this warning you might need to set SSL_verifycn_name to
the name of the host you expect in the certificate.

CONNECTED:  using SSL
SENDING:  GET / HTTP/1.0
SENDING:   Host: myip.dnsdynamic.org
SENDING:   User-Agent: ddclient/3.8.2
SENDING:   Connection: close

I am still unsure why forcing ssl=yes does not cause it to use HTTPS automatically but it is connecting over SSL now and the command as seen by @George helps me verify it is: sudo ddclient -verbose -debug -noquiet -query

Solution 2:

This is only the "get IP" part. The actual update to the dynamic DNS server is not shown in your output. It may still be done over HTTP.

root@ad26e03e9704:/bin# ddclient -daemon=0 -noquiet -debug -file /config/ddclient.conf
DEBUG:    get_ip: using cmd, /config/get_ip.sh reports 10.0.0.1
DEBUG:
DEBUG:     nic_dyndns2_update -------------------
DEBUG:    proxy  =
DEBUG:    url    = http://dyndns.strato.com/nic/update?system=dyndns&hostname=bla.mydomain.com&myip=10.0.0.1
DEBUG:    server = dyndns.strato.com
SUCCESS:  updating bla.mydomain.com: good: IP address set to 10.0.0.1

If I put https in front of the server, I get:

DEBUG:    url    = http://https://dyndns.strato.com/nic/update?system=dyndns&hostname=bla.mydomain.com&myip=10.0.0.1

Related

Ubuntu 17.04 Randomly Freezes
Is this upgrade error fatal?
How do I disable Dock and Panel transparency?
Ubuntu 18.04 hangs when using Google Chrome, Mozilla Firefox and Thunderbird [duplicate]
How does /etc/initramfs-tools/conf.d/resume work?
Ubuntu 18.04: Gnome lock screen refuse correct password
Can't using Netbeans 10.0 after installing from repository on Ubuntu 18.04
Linux kernel flavours in modern releases
Xdg-open doesn't do anything, Zoom in Chromium,
Why do I have the gnome-3-34-1804 snap package installed on Ubuntu 20.04 (after a clean install of 20.04)?
How to fix update problems (Ubuntu 20.04)
update-grub not working -- No medium found