I just wanted to point out another possibility. Also because using SSL certificates can cause problems with CNAME. In addition, you can make several computers (with different host parts) accessible in your private network under different subdomains, which is also the purpose of this option.
Yes, you need something to automate updating. But according to the kiss principle, I would prefer a tested DynDNS client to a self-made script. But that’s my personal choice. And with this solution, a normal DynDNS client is sufficient, or even better, the possibly existing router.
This is not the standard case for DynDNS. DynDNS gives you the opportunity to make your private home network accessible on the Internet. And your router usually gets only one prefix from your ISP (for your home net).
If you have such a special case, a normal DynDNS client can of course not help you, then you may need your own script. But there are other solutions (own zone, own script only on this server, a possibly existing router updated, …)
Maybe I don’t understand it right, but - use a link?
All in all I just wanted to show a (possibly simpler) solution and not offend anyone.