Set up an FQDN for an SSL
When creating an SSL, I'm prompted to input an FQDN (Fully Qualified Domaim Name).
I have already registered the domain and have configured the Name Servers. What do I add to my DNS and host files?
What is an FQDN
Let's start with what a FQDN actually is. A Fully Qualified Domain Name simply specifies the exact location of a device/computer on the internet within the Domain Name System. The structure of an FQDN is:
hostname . domain . tld . , where the last
. is the root of the DNS namespace. Most DNS services and browsers automatically process the root
. even if you do not include it.
Examples of a FQDN include:
host.example.com. www.example.com. anything.something.tld.
Configuring an FQDN
To configure an FQDN on your server, you should have:
- An A Record configured in your DNS pointing the host to your server's public IP address
- A line in your
/etc/hostsfile referencing the FQDN. See our documentation on the system's host file: Using Your System's hosts File
For instance, let's say my server's hostname is
server1 and I want an FQDN to be
server1.domain.tld. I would create an A record under my domain
server1 as the host and the value as my public IP address. I would also edit the
/etc/hosts file to input a line after the localhost line. Your host file may be different.
127.0.0.1 localhost 127.0.1.1 server1.domain.tld server1
FQDN in relation to SSL
In terms of configuring an SSL, many Certificate Authorities require that the common name for the certificate be an FQDN with a unique public IP address. This should also match with the URL of the site you're trying to obtain an SSL for.
Let's say I wanted to use
www.domain.tld for my SSL. I would configure an A record on my DNS with the host as
www and the value as a public IP address on my server. Your web server software, like Apache or Nginx, and other services will need to be configured to work with the domain and certificate registered for the SSL.
Yes, that would work for a host file to set
127.0.0.1 as the destination IP for
127.0.1.1 as the destination IP for
www.linode.com though in most cases the first thing set in the host file would be "localhost" and you'd normally want to set the www and non-www domains for the same site to the same IP address.