Duck DNS is not working (Challenge validation has failed)

Configuration
1

I have succesfully using Home Assistant with Duck DNS for a long time. Now I’m installing Home Assistant on a different device (raspberry pi 4).

On this new raspberry Duck DNS should also work. But I have problems. What have I done so far:

  • In my router I have changed the port forwarding to the local ip of the raspberry
  • In the Duck DNS account I have changed nothing, so I use the same domain name (Duck DNS on the old pc is stopped)

The certificates are not created and I get the next log information of Duck DNS:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] done.
[services.d] starting services
[services.d] done.
# INFO: Using main config file /data/workdir/config
+ Generating account key...
+ Registering account key with ACME server...
+ Fetching account URL...
+ Done!
[11:20:54] INFO: OK
<public ip address>
NOCHANGE
[11:20:54] INFO: Renew certificate for domains:< my domain name>.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
 + Creating chain cache directory /data/workdir/chains
Processing < my domain name>.duckdns.org
 + Creating new directory /data/letsencrypt/< my domain name>.duckdns.org ...
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for < my domain name>.duckdns.org
 + 1 pending challenge(s)
 + Deploying challenge tokens...
OK + Responding to challenge for < my domain name>.duckdns.org authorization...
 + Cleaning challenge tokens...
OK + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"]	"dns-01"
["status"]	"invalid"
["error","type"]	"urn:ietf:params:acme:error:dns"
["error","detail"]	"DNS problem: SERVFAIL looking up TXT for _acme-challenge.< my domain name>.duckdns.org - the domain's nameservers may be malfunctioning"
["error","status"]	400
["error"]	{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: SERVFAIL looking up TXT for _acme-challenge.< my domain name>.duckdns.org - the domain's nameservers may be malfunctioning","status":400}
["url"]	"https://acme-v02.api.letsencrypt.org/acme/chall-v3/...../......"
["token"]	"......................."
["validated"]	"2021-08-14T09:21:05Z")
[11:26:10] INFO: OK
<public ip address>
NOCHANGE

My config of Home Assistant:


http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  base_url: <my domain name>.duckdns.org:8123

Does anybody know how I can solve this?

2

Did you specify this somewhere?
That challenge won’t work with duckdns, it only work with custom domain names where you have control over the Authoritative DNS for that domain.

You have to use " http-01" for duckdns.

3

At the moment it is working!!!

I have not changed anything on my site. I have tried it a lot and a minute ago it was working… Maybe there was a failure with DuckDNS?

I don’t know what dns-01 is. I have not speficied it anywhere.

4

It’s been going back and forth for about 24 hours. Most of the time I cant reach my instance, but I can get to it from nabu casa and locally.

5

DuckDNS seems to be down right now

6

I have still some connection problems when using the app.

So it seems to be there is indeed still some problems with DuckDNS

7

Yeah I cant get to duckdns.org let alone my custom.duckdns.org

8

This is the first time that I’ve seen duckdns down. Each time I go there, it shows online. I was really concerned that it was just me - until I saw this thread of course.

9

Same problem here. I’m having problems accessing my instance from outside my network all day long. Hopefully this gets resolved. Never had problems with duckdns. Good to know it’s not just me.

10

Exactly on a day that I’m installing DuckDNS…there are problems :slight_smile:

But indeed it is good to know that more people has those problems so I don’t have to look at my install/config.

11

Duckdns seems to be under DDOS attack (or maybe another issue) for the last 24 hours or so. Nothing we can do on our side, nothing they seem to do on their side.

12

Is there something for duckdns that you can see if service is down?

13

My proxymanager was messed up not really bad but annoying. One day the web app was reset to default no proxy. But everything keept working. Now i tough ill do it today removed all the proxys from the database and ssl files started over and now this “challenge error” pffff so you’re not alone

14

I have the same behavior
~ 50% loss of dns lookup:
Total:749
SUCCESS:351

2 Likes
15

I just migrated to Pi 4 w/ssd and have the same issue. Damn coincidences kill ya.

It is indeed a problem with DNS. When checking I see only DNS resolving on 50% of the servers I try.

I added a host entry on Win 10 to resolve without DNS which a short term solution.

16

Idem, duckdns doesn’t work from yesterday morning en my HA.

  • Deploying challenge tokens…
    ERROR: deploy_challenge hook returned with non-zero exit code
17

image

It gave me the same problem too, it seems to be related to the latest version of the Home Assistant CORE (Aug) I went back and it works fine again …

18

I did an install of Duckdns on my HA Home Assistant Core 2022.6.7 and followed the instructions. But unfortunately I got the same error:

# INFO: Using main config file /data/workdir/config
+ Account already registered!
[09:51:23] WARNING: 
[09:51:24] INFO: Renew certificate for domains: xwijk.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
Processing <my sub domain>.duckdns.org
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for < my sub domain>.duckdns.org
 + 1 pending challenge(s)
 + Deploying challenge tokens...
ERROR: deploy_challenge hook returned with non-zero exit code

After add the text to my configuration file and restart of HA I also got the next error logging:

The system cannot restart because the configuration is not valid: Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']. Got '/ssl/fullchain.pem' not a file for dictionary value @ data['http']['ssl_key']. Got '/ssl/privkey.pem'. (See /config/configuration.yaml, line 9).
The system cannot restart because the configuration is not valid: Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']. Got '/config/ssl/fullchain.pem' not a file for dictionary value @ data['http']['ssl_key']. Got '/config/ssl/privkey.pem'. (See /config/configuration.yaml, line 9).

Someone found a solution for it?

1 Like
19

I’ve got the same problem using 2022.7. I install duckdns then edit the config. once I start duckdns the log shows ERROR: deploy_challenge hook returned with non-zero exit code. I’ve uninstalled and reinstalled, but get same error.
One thing I noticed in the log:

  INFO: Renew certificate for domains: veejur-home.duckdns.org and aliases:

I’m not sure if this is related or not.

I can access my HA from duckdns by using http://myHA.duckdns.org, but not https://myHA.duckdns.org

ZLooks like a certificate problem but I have no idea how to solve it.

@martinst Did you get yours fixed?

20

Apparently when you copy the token from duckdns, it copies the first space. When you paste it into the configuration file, you don’t see it because it is hidden and shows all dots. Even when you click the eye to show it, it’s tough to see the space given the font.
Make sure there is no space at the beginning of the token.

11 Likes