How to setup SSL certificate for A Record subdomain pointing to another server IP address

Question

I am new to SSL certificate encryption and will appreciate any advice that will help me to get the job done. Here is the case:

I own a domain domain.com and need to create a subdomain sub.domain.com that points to my server IP address (I host the server). I do this by creating an A record for sub.domain.com and set it to point to IP xx.xx.xx.xx.

Now I need to secure sub.domain.com so that when users access it, it is SSL encrypted: https://sub.domain.com

How should I approach this?

It seems that the domain hosting company cannot issue an SSL certificate for A Record but only for subdomain account, which I do not wish to use.

Since the A record points to a server hosted by me, should I create a certificate for this particular server? If so, how do I create such universally trusted certificate and not just one valid for localhost?

Answer 1

A certificate need to be issued for the domain in the URL. This means if you want to secure https://sub.example.com then you need a certificate for sub.example.com, no matter if sub.example.com is a CNAME to some other domain or if the A record points to a specific IP address. A certificate for an IP address is only needed if you want to secure the (rare case) of https://ip-address/.

If you want to secure a server which is fully in your own control you can have the A record point to it and then get a certificate for the specific subdomain. For example Let's Encrypt provides free certificates and there are tons of instructions online how to use these with a specific server setup.