Duck Dns Breaking

BlackBerry_pi · April 18, 2019, 11:34am

I have DuckDNS set up for months and it works fine. But it start breaking a couple days ago

ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-18 19:26:40 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-18 19:26:46 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed

Anyone experienced this issue? The Duck Dns addon show that it is connected to the dns, but the site just didn’t work.

Seems something to do with the ssl certificate and it is impossible that the certificate is outdated cus the addon automatically renew the certificate. I have no idea how to fix it. Any help is appreciated!

Davros · April 18, 2019, 12:09pm

I had a similar issue about an hour ago. I couldn’t even access https://duckdns.org from my host computer (my hassio install is virtual). It wasn’t an issue with duckdns site as I could access fine from my work PC. I restarted HASS, no joy. I tried an ipconfig /flush dns on the host, still no joy. I then restarted my host computer, https://mydomain.duckdns.org now working.

I’m sure you probably know this but you can access your home assistant using https://xxx.xxx.xxx.xxx:8123 if duckdns isn’t playing ball.

BlackBerry_pi · April 18, 2019, 12:16pm

What do you mean by ipconfig/flush dns? I want to give it a try

Davros · April 18, 2019, 12:36pm

As my Hasio install is hosted on a Windows server running HyperV and this server was also unable to access https://mydomain.duckdns.org or even the main https://duckdns.org site I tried running command prompt and then command ipconfig /flushdns
It will deped on your environment whether or not you can run this command. It also didn’t seem to resolve my issue, although restarting the host did. Good luck

anon34565116 · April 18, 2019, 2:58pm

Your server is complaining about the ssl certificates. Perhaps your configuration has incorrect paths.

What does that part of your configuration look like and what have you already tried to resolve the issue? We are here to help people solve issues, bot solve them for those who do not try first.

I just verified my duckdns host & access to www.duckdns.org work fine.

Davros · April 18, 2019, 3:03pm

Restarting my VM’s host server worked for me. No changes to config between restarts

BlackBerry_pi · April 22, 2019, 1:18pm

Normal configuration, not sure why it is breaking and duck dns log is saying connected successfully. I have reinstalled the add-on but it don’t work.

anon34565116 · April 22, 2019, 2:04pm

So, do you see the certificate files in the ssl directory? I asked earlier.
Your earlier log entries were complaining about the certificates.

BlackBerry_pi · April 22, 2019, 2:25pm

Yep I see those.

anon34565116 · April 22, 2019, 3:17pm

Is the certificate expired?
I think openssl on Linux can read a pem file with the key file.

BlackBerry_pi · April 22, 2019, 10:19pm

Not sure, but I do use let’s encrypt to renew the certificate after it breaks

But the let’s encrypt log show this:
IMPORTANT NOTES:

The following errors were reported by the server:
Domain: mymysterydomain.duckdns.org
Type: connection
Detail: Fetching

anon34565116 · April 22, 2019, 11:32pm

Since it was listed as an error perhaps it never got the updated certificate.

BlackBerry_pi · April 23, 2019, 7:18am

Yep I suspect that but let’s encrypt won’t let me update the certificate for some reason… Looking for a complete wipe and reinstall from the backup.

folrewef · May 8, 2019, 7:39am

Hi,

Di you ever find a solution to the original error. I have exactly the same error, but I do not experience any resulting problem with my setup. Only irritating to have a number of warnings and errors that turn up repeatedly without knowing why they are there.

BlackBerry_pi · May 8, 2019, 7:55am

You may find some solution here but neither of them worked for me. Maybe it will help you

ttecles · April 1, 2020, 9:41am

Have you tried checking the certificate:

openssl x509 -text -noout -in /etc/letsencrypt/live/whatever.duckdns.org/cert.pem and check for the valid until

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:cf:a3:80:45:ca:78:74:cc:6f:7a:f4:22:67:f1:a3:7d:c9
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Jan  1 19:24:28 2020 GMT
            **Not After : Mar 31 19:24:28 2020 GMT**
        Subject: CN = whatever.duckdns.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:

On the documentation they changed so now you set an automation or a cron job to renew the certificate: