I just cannot get Duckdns to renew certificates with an alias. I’ve added everything I can think of to the dns record and it just - won’t - work. There’s a few similar topics but I’ve exhausted what’s been concluded there.
If there’s no way to get it working, what could an alternative solution be? I’ve considered using nginx proxy manager to make a certificate and then copying it or referencing it where needed, has anyone tried that? I’m on HAOS.
(replaced sensitive areas with xxx)
DNS record:
Duckdns configuration:
lets_encrypt:
accept_terms: true
certfile: fullchain.pem
keyfile: privkey.pem
algo: secp384r1
token: xxx
domains:
- xxx.duckdns.org
aliases:
- domain: lan.xxx.se
alias: xxx.duckdns.org
seconds: 300
Duckdns log follows:
[09:01:01] INFO: Renew certificate for domains: [xxx.duckdns.org](http://xxx.duckdns.org) and aliases:
[lan.xxx.se](http://lan.xxx.se)
# INFO: Using main config file /data/workdir/config
Processing [xxx.duckdns.org](http://xxx.duckdns.org) with alternative names: [lan.xxx.se](http://lan.xxx.se)
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Jan 13 19:45:[34 2022](tel:342022) GMT (Less than 30 days). Renewing!
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 2 authorizations URLs from the CA
+ Handling authorization for [lan.xxx.se](http://lan.xxx.se)
+ Handling authorization for [xxx.duckdns.org](http://xxx.duckdns.org)
+ 2 pending challenge(s)
+ Deploying challenge tokens...
OKOK + Responding to challenge for [lan.xxx.se](http://lan.xxx.se) authorization...
+ Cleaning challenge tokens...
OKOK + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "dns-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:unauthorized"
["error","detail"] "Incorrect TXT record
\"fvy9A0n7KYbB01pR6r_DNXfb7gOAeHVwtyQ-xaJf7ns\" found at _acme-[challenge.lan.xxx.se](http://challenge.lan.xxx.se)"
["error","status"] 403
["error"] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"Incorrect TXT record \"fvy9A0n7KYbB01pR6r_DNXfb7gOAeHVwtyQ-xaJf7ns\" found at _acme-[challenge.lan.xxx.se](http://challenge.lan.xxx.se)","status":403}
["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/64099610700/81Y0Mgf"
["token"] "xxx"
["validated"] "[2022-01-02](tel:20220102)T08:01:13Z")