Duck DNS add on - add my own domain to the Let's Encrypt config

Is this possible?

I have and I have which has a CNAME mapping to my Duck DNS address. I would like Let’s Encrypt to create a certificate for Is that possible using the Duck DNS add on?



1 Like

I have made some progress with this (perhaps the fix I have noticed in version 1.5 is helping me get further than before), but am still stuck.

I recieved the following in the Duck DNS add on log:

+ Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "dns-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Incorrect TXT record \"TbgfE52qv9DInN91lqvLmN3NlldcImKgb9duqaEK4Zo\" found at",
"status": 403
"url": "",
"token": "54t_1t66Q4NTHIz6_bNUBtw2gP6Z78R4St0IKb3stk"

Not really sure where to go from here! I added a text record with the token (from the log) in, but this appears not to be the right value, as when I restart the Duck DNS add on it still fails, and the token given has changed. I feel like if I just manage to get the right text record at it might work, but I don’t know how to identify what that text record should be…

1 Like

Did you figure out wich token to use?

Nope :frowning:

has anyone figured this out? I got my initial cert by dropping my webserver and pointing port 80 at the Pi. Now i need to renew and im not looking forward to doing this every 90 days.

1 Like

i too would like a solution. I wonder if I need to generate a different certificate for the duckdns domain and my cname’d domain?

A change request has been put in to the DuckDNS add-on to handle this.

Not sure how long it might take to progress, but see here:

Hi ! they update the add-on to make it possible with alias … but I’m not able to make it work… this is my config

“lets_encrypt”: {
“accept_terms”: true,
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”
“token”: “BLAHBLAHBLAH”,
“domains”: [
“aliases”: [
“seconds”: 300

I don’t think the add on is actually updated yet; the change is still pending.

i’m also waiting on this to be accepted. is there a way to manually add it to

I wonder if this is why when I try to use a wildcard sub subdomain with duckdns it vomits back an error regarding aliases?


  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  "token": "secrettoken!",
  "domains": [
  "seconds": 300


ERROR: Please define a valid alias for your * wildcard-certificate. See domains.txt-documentation for more details.
Processing * with alternative names:

Are you aware of any evolution in this topic? I am also a stakeholder, as my office policies in place prevent access to subdomains :frowning:

Work like a charm :

1 Like