Duck Dns Breaking

I have DuckDNS set up for months and it works fine. But it start breaking a couple days ago

ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-18 19:26:40 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-18 19:26:46 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed

Anyone experienced this issue? The Duck Dns addon show that it is connected to the dns, but the site just didn’t work.

Seems something to do with the ssl certificate and it is impossible that the certificate is outdated cus the addon automatically renew the certificate. I have no idea how to fix it. Any help is appreciated!

I had a similar issue about an hour ago. I couldn’t even access https://duckdns.org from my host computer (my hassio install is virtual). It wasn’t an issue with duckdns site as I could access fine from my work PC. I restarted HASS, no joy. I tried an ipconfig /flush dns on the host, still no joy. I then restarted my host computer, https://mydomain.duckdns.org now working.

I’m sure you probably know this but you can access your home assistant using https://xxx.xxx.xxx.xxx:8123 if duckdns isn’t playing ball.

What do you mean by ipconfig/flush dns? I want to give it a try

As my Hasio install is hosted on a Windows server running HyperV and this server was also unable to access https://mydomain.duckdns.org or even the main https://duckdns.org site I tried running command prompt and then command ipconfig /flushdns
It will deped on your environment whether or not you can run this command. It also didn’t seem to resolve my issue, although restarting the host did. Good luck

Your server is complaining about the ssl certificates. Perhaps your configuration has incorrect paths.

What does that part of your configuration look like and what have you already tried to resolve the issue? We are here to help people solve issues, bot solve them for those who do not try first.

I just verified my duckdns host & access to www.duckdns.org work fine.

Restarting my VM’s host server worked for me. No changes to config between restarts

Normal configuration, not sure why it is breaking and duck dns log is saying connected successfully. I have reinstalled the add-on but it don’t work.

So, do you see the certificate files in the ssl directory? I asked earlier.
Your earlier log entries were complaining about the certificates.

Yep I see those.

Is the certificate expired?
I think openssl on Linux can read a pem file with the key file.

Not sure, but I do use let’s encrypt to renew the certificate after it breaks

But the let’s encrypt log show this:
IMPORTANT NOTES:

Since it was listed as an error perhaps it never got the updated certificate.

Yep I suspect that but let’s encrypt won’t let me update the certificate for some reason… Looking for a complete wipe and reinstall from the backup.

Hi,

Di you ever find a solution to the original error. I have exactly the same error, but I do not experience any resulting problem with my setup. Only irritating to have a number of warnings and errors that turn up repeatedly without knowing why they are there.

1 Like

You may find some solution here but neither of them worked for me. Maybe it will help you

Have you tried checking the certificate:

openssl x509 -text -noout -in /etc/letsencrypt/live/whatever.duckdns.org/cert.pem and check for the valid until

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:cf:a3:80:45:ca:78:74:cc:6f:7a:f4:22:67:f1:a3:7d:c9
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Jan  1 19:24:28 2020 GMT
            **Not After : Mar 31 19:24:28 2020 GMT**
        Subject: CN = whatever.duckdns.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:

On the documentation they changed so now you set an automation or a cron job to renew the certificate: