I want to access my Home Assistant with a custom subdomain home.example.com but it does not work.
My domain has been registered at Namecheap.com for years.
In the Settings page, section “Add Custom Domain”, I type my subdomain home.example.com
I’m asked to add two CNAME records so I go to namecheap.com
Select my domain name and got to “Advanced DNS” section
I add first CNAME record with host = home.example.com, value = 123456789fakevalue098765432.ui.nabu.casa and TTL = Automatic
I add second CNAME record with host = _acme-challenge.home.example.com, value = _acme-challenge.123456789fakevalue098765432.ui.nabu.casa and TTL = Automatic
For me it was this: account.nabucasa.com gives you the info to copy to make your CNAME records. but this info is not exactly to be copied! In your example:
I add first CNAME record with host = home.example.com, value = 123456789fakevalue098765432.ui.nabu.casa and TTL = Automatic
Just copy:
host = home (without .example.com)
value = 123456789fakevalue098765432.ui.nabu.casa. (note the DOT at the end!!!)
I add second CNAME record with host = _acme-challenge.home.example.com, value = _acme-challenge.123456789fakevalue098765432.ui.nabu.casa and TTL = Automatic
Go back to Nabu Casa, click on “Validate”
Just copy:
host = _acme-challenge.home (without the .example.com)
value = _acme-challenge.123456789fakevalue098765432.ui.nabu.casa. (again note the DOT at the end)
Hey folks! I ran into the same issue today and was about to start up a support ticket, until I tried this:
I am using Cloudflare for DNS and I was using home.example.com with literally home as the subdomain prefix. After changing it to ha.example.com, it started working properly and validated. (Note to double check all the above suggestions too!) Not sure what was going on, but maybe try changing your subdomain prefix to something else to see if that kicks something somewhere in the chain
I’m still fighting to get this working with TransIP. Adding the dot at the end for the acme challenge worked, but not so much for the ha subdomain. I’m a little surprised that such a feature is still not working well after a number of years.
The solution here worked for me as well. Had to wait an hour though for the DNS records to update. Luckily I didn’t set the TTL to ‘1 day’ which was TransIP’s default setting.
I coudn’;t get it to work either. Reason, the way this is implemented is a direct violation of the DNS RFC:
The primary source is
RFC 1034: Domain Names - Concepts and Facilities . Section 3.6.2. CNAME RRs
The key sentence is:
If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different
What this means :
The “node” is ha.example.nl.
The “CNAME RR” is my record ha 10800 IN CNAME some_hidden_key123abc.ui.nabu.casa.
“No other data should be present” means we cannot have any other record at that same ha.example.nl node, including the _acme-challenge CNAME record that is a subdomain of ha .
The instructions provided here are in direct violation of this rule. When I try to add both records, my DNS provider rejects the second record or flag the zone as invalid.
Pls advise !
edited: corrected the error
NabuCasa support cleared this up, My bad.
RFC 8555 Section 8.4 explicitly defines the ACME standard: "The client constructs the validation domain name by prepending the label ‘_acme-challenge’ to the domain name being validated. Key point: _acme-challenge.ha.example.nl and ha.example.nl are different DNS nodes. RFC 1034’s CNAME restriction applies only to the same exact node, not parent/child relationships. The _acme-challenge prefix is part of the RFC 8555 ACME standard.
I tried again, completed the validation, waited some more (HA reports the process ready once the certificate is updated_) and then it works .
Subtle checks: the dot at the end of the CNAME alias, wait long enough for HA to do the work, recheck the validation.
