Duck DNS add on - add my own domain to the Let's Encrypt config

Is this possible?

I have mydomain.duckdns.org and I have http://My.OwnDomain.com which has a CNAME mapping to my Duck DNS address. I would like Let’s Encrypt to create a certificate for http://My.OwnDomain.com. Is that possible using the Hass.io Duck DNS add on?

Thanks,

James

1 Like

I have made some progress with this (perhaps the fix I have noticed in version 1.5 is helping me get further than before), but am still stuck.

I received the following in the Duck DNS add on log:

+ Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "dns-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Incorrect TXT record \"TbgfE52qv9DInN91lqvLmN3NlldcImKgb9duqaEK4Zo\" found at _acme-challenge.MyCustom.Domain.com",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/pZlCyyNk6pYjkjkeDv1uICoQirw56346uWOoAe1E3sI/6060253411",
"token": "54t_1t66Q4NTHIz6_bNUBtw2gP6Z78R4St0IKb3stk"
})

Not really sure where to go from here! I added a text record with the token (from the log) in, but this appears not to be the right value, as when I restart the Duck DNS add on it still fails, and the token given has changed. I feel like if I just manage to get the right text record at _acme-challenge.MyCustom.Domain.com it might work, but I don’t know how to identify what that text record should be…

1 Like
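Added example, not part of the original thread or the add-on's code: under RFC 8555 the dns-01 TXT value is not the token shown in the log. It is base64url(SHA-256(token + "." + account-key thumbprint)), computed by the ACME client from its own account key, and a fresh token is issued for every new order. The token is the one from the log above; the account JWK is constructed sample data.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as ACME/JOSE require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

# Required JWK members per key type (RFC 7638); optional ones are excluded.
_REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 thumbprint of the account public key (RFC 7638)."""
    if jwk.get("kty") not in _REQUIRED:
        raise ValueError("unsupported key type: %r" % jwk.get("kty"))
    required = {k: jwk[k] for k in _REQUIRED[jwk["kty"]]}
    # Canonical form: sorted member names, no whitespace.
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """Value the CA expects in the TXT record (RFC 8555, section 8.4)."""
    key_authorization = token + "." + jwk_thumbprint(account_jwk)
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())

def challenge_record_name(domain: str) -> str:
    """Record name queried by the CA; a wildcard uses its base domain."""
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base.rstrip(".")

# Token copied from the log in the post above.
SAMPLE_TOKEN = "54t_1t66Q4NTHIz6_bNUBtw2gP6Z78R4St0IKb3stk"
# Constructed account key: x/y are placeholders, not a real EC point.
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "CONSTRUCTED_X_COORDINATE",
    "y": "CONSTRUCTED_Y_COORDINATE",
    "kid": "ignored-optional-member",
}

if __name__ == "__main__":
    print(challenge_record_name("MyCustom.Domain.com"), "TXT",
          dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK))
```

Because the thumbprint depends on the account key held by the ACME client, the record has to be published by that client (or a hook it calls) while the order is open; a value entered by hand from an earlier log will not match the next attempt.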

Did you figure out which token to use?

Nope :frowning:

Has anyone figured this out? I got my initial cert by dropping my webserver and pointing port 80 at the Pi. Now I need to renew and I’m not looking forward to doing this every 90 days.

1 Like

I too would like a solution. I wonder if I need to generate a different certificate for the duckdns domain and my cname’d domain?

A change request has been put in to the DuckDNS add-on to handle this.

Not sure how long it might take to progress, but see here:

Hi! They updated the add-on to make it possible with alias… but I’m not able to make it work… This is my config:

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "BLAHBLAHBLAH",
  "domains": [
    "my.duckdns.org"
  ],
  "aliases": [
    "myowndomain.com"
  ],
  "seconds": 300
}

I don’t think the add on is actually updated yet; the change is still pending.

I’m also waiting on this to be accepted. Is there a way to manually add it to hass.io?

I wonder if this is why when I try to use a wildcard sub subdomain with duckdns it vomits back an error regarding aliases?

Config

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "secrettoken!",
  "domains": [
    "*.example.duckdns.org",
    "example.duckdns.org"
  ],
  "seconds": 300
}

Error

ERROR: Please define a valid alias for your *.example.duckdns.org wildcard-certificate. See domains.txt-documentation for more details.
Processing *.example.duckdns.org with alternative names: example.duckdns.org

Are you aware of any evolution in this topic? I am also a stakeholder, as my office policies in place prevent access to duckdns.org subdomains :frowning:

Works like a charm:

1 Like