SSL Certs are bound to host names ie: secure.mydomain.com multiple services can be located at secure.mydomain.com running on different ports secured by the same certificate.

If all the services are running on the same server it is pretty straight forward. When the services are on different machines, it gets a bit trickier to do it with a single certificate. Some certificate authorities will sign multiple certificates for a single domain name, especially if you tell them it is for an appliance that has no way to export the private key. I'm not familiar with your CA and what their policy is.

The second way to do it is to generate a CSR, get it signed, Import it back and complete the request. Then export the signed cert and the server's private key and import it into the second server. This gets a bit more complicated when dealing with "bundled" systems like appliances where you don't necessarily have full control of the OS and the webserver. Some provide a method of doing this in their control panel, others you can get it done with the command line. Again, it varies with what systems you are trying to install it on.

I don't really see the value in getting a publicly trusted certificate from a CA for services that are going to be accessed only by you and your close friends and family. Just install the un-trusted certificate on your devices and you're done. Just because a certificate is issued from a CA it doesn't make it any more secure than a self-signed, it just lets the public trust it at face value, and often times you are buying peace of mind services like data breach protection, etc. In my opinion, if the public isn't accessing your services, just go with self signed, install it on your devices to get rid of the nag screens, and be done with it.

Excellent explanation, it was very clear and easy to understand. I purchased the SSL for $1 and the domain for $10 a year. It is easy to use it then every 30 days renew from no-ip.com. The name is easy to remember as well. I do it more to learn than security, I'm curious how the SSL will work.

Another question if you do not mind, you mention the "Devices and annoying messages" what do you install on those?

In regard of HS what web does it use on the background, apache? Do we in this group use SSL at all or plain http? What port should I use to prevent hacking, I have 8080 but I see lot of hacking on the site. Should I change port?

Aldo