Duckdns configuration error

Pabloreiriz · November 11, 2024, 10:44pm

Dear guys, it is my first time here. sorry if i am doing something wrong.

I want to open my HA to internet to access it outside of my house.

I want to do it by duckdns but i am doing something wrong and i don´t know what.

my config is the next:
domains:

XXXXXXXXXX
token: XXXXXXXX
aliases:
lets_encrypt:
accept_terms: true
algo: secp384r1
certfile: fullchain.pem
keyfile: privkey.pem
seconds: 300

I created my damain and i put my token

i also put

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

on configuration-yaml

but when i try to run duckdns something appeared
Cleaning challenge tokens…

OK + Challenge validation has failed

ERROR: Challenge is invalid! (returned: invalid) (result: [“type”] “dns-01”

[“url”] “https://acme-v02.api.letsencrypt.org/acme/chall-v3/428811273357/JJiwFw”

[“status”] “invalid”

I have tried with a lot of variants that i found on internet but nothing has improved.

at the end i found one guy that just waiting 2 days suddently it started to work however does not make sense for me.

In any case I am pretty lost to how to install ir properly and go to the next step to open my HA to internet.

thanks in advance!

Regards!

ajfriesen · November 12, 2024, 6:25am

If you do something with let’s encrypt, always start with the staging area.
Let’s encrypt production area will block you for a week very, very quickly.

If you manage to get a staging certificate, then you move to the production area.

That way you also remove the problem of being blocked by too many requests.

Pabloreiriz · November 12, 2024, 8:45am

Thanks Andrej, so your advice is remove rhe program including all the files inside reboot and start a new duckdns instalation starting with configuration.yaml?

If i am already blocked i must wait 1 week?

Regards!!

Pabloreiriz · November 12, 2024, 8:53am

Or may you mean put the lets_encrypt code first like this:

lets_encrypt:

accept_terms: true
algo: secp384r1
certfile: fullchain.pem
keyfile: privkey.pem

XXXXXXXXXX
token: XXXXXXXX
aliases:

seconds: 300

ShadowFist · November 12, 2024, 6:52pm

I can’t help you in case you have a wrong indentation because your code is incorrectly formatted.

However, I can provide a sample of my duckdns config which works:

domains:
  - whatever.duckdns.org #replace with yours
token: abdc11111-1111-1111-1111-abca1111bcabcabca #replace with yours
aliases: []
lets_encrypt:
  accept_terms: true
  algo: secp384r1
  certfile: fullchain.pem
  keyfile: privkey.pem
seconds: 6000

If you are using multiple domains, you need to set an alias as per this old issue. Hopefully this puts you on the right path.

PS - regarding your “just waiting 2 days suddenly it started to work” part. You might need to reboot (not restart) your entire system for the changes to be picked up. At least, that’s been my solution when certificates don’t get renewed

Pabloreiriz · November 12, 2024, 10:00pm

Hi Guys, thanks a lot!

Duckdns is runing and nginx also i just need a deep reboot

However i can not access to my domain, i made even a DMZ over the ip on my of my home assistant on my router but it still does not work.

I made ping to my domain and this give me my public ip so it seems like it is runing but i can not access.

do you have any advice over it?

Regards!

Pabloreiriz · November 13, 2024, 5:51pm

Hi All, after a big fight i found the solution.

My internet provider had me on CG-NAT system, this was the root cause i could not access to my domain. So i called to my company i submit a request to be out of CG-NAT and all start to work. Thanks for the support, step by step we finally got it.

Regards!