Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for XsXXXXXX.duckdns.org
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain XXXXXXX.duckdns.org
http-01 challenge for XXxXXXX.duckdns.org
Cleaning up challenges
Some challenges have failed.
updated port forwarding to include 80 ->80. this seems to have allowed certificates to renew now.
nginx up and running. maria db up and running. duckDNS plugin up and runningā¦
my duckDNS domain: āThe connection has timed outā :ā(
tried from a different computer and it works!!! for some reason it dosnt work from this laptop (even tried 3 different browsers). I can access internally from this laptop so if it lets google assistant integration work then im fine with that
Peter,
Thanks for the feedback.
As you probably saw @nikd1 had some problems that I canāt replicate.
Did you do anything āsubtlyā different ?
Can you identify any additional steps/changes required since the changes to the addons ?
How can I make this solution better ?
Cheers
Well, If I read it correctly @nikd1 is trying to get it to work with the addon-nginx-proxy-manager. There is an open issue in github stating that this add on has an issue with the SSL verification:
Which is the reason why the āinternal errorā is taking place. (although it was, when I was fumbling with it)
The workaround is to verify the SSL certificate yourself. Which you have to be doing manually every three months. That was for me the reason to try it with the core add on, since this SSL verification was done automaticallyā¦
@Mutt
Maybe this doesnāt belong to this subject but as a lot of people Iām struggling already for a long time to get this to work. Tried a lot and itās getting frustrating.
All the above I understand, but in my case I do have a Synology NAS āin betweenā where a Letās Encrypt certificate is defined as well and port 443 is being used.
Do I have to do things different than described in post #23? And what things do I have to change/add (like reverse proxy settings) on the NAS?
Erik,
I do have a Synology NAS but Iām a bit of a purist and donāt like to compromise āessentialā services with āother softwareā or have interdependencies regarding required restarts and software updates. So my NAS does what Synology intended, a Pi that does Kodi, a Pi that runs LMS and I have a Pi (well two actually, one is a test box) to run HA.
So I canāt offer you any specific platform advice as Iāve no experience of that.
You say you are moving to a Pi so with a generic platform, the support becomes more widely available.
Sorry
Mutt
I understand completely, donāt worry.
I hoped you or someone else, reading this treat, might had experience with it.
On a Dutch forum someone mentioned: You must assign the duckdns certificate to your reverse proxy.
I guess it my lack of knowledge that i donāt understand what is meant with it.
It depends, if you are doing the Pi installation anyway, then itās a moot point.
But if youād prefer to stick with the NAS you may be best to start a new topic with a title that will attract NAS platform users who may know specifics to your installation.
Awesome post, Mutt! You probably saved me hours and hours of difficult research. I followed the steps, and outside secure access is working great! Thank you so much for putting this together in one spot!
Thanks, Mutt!! Iāve solve the SSL problem according to your method.
One more question is about ipv6.
I donāt have the actual ipv4 address, but I can get the ipv6. I want to use the duckdns sync my ipv6 address. The instruction of duckdns says it will auto detect both ipv4 and ipv6. But when I look at the log file, it only shows the ipv4. I have to manually update the ipv6 address on duckdns website. Is there any way to fix this? Thanks!
Hmmm !
I donāt have ip v6 so Iām not 100% sure.
You may need to open a topic specific to that.
The whole idea though is that the duckdns addon contacts the duckdns website with your access token. It checks your token and says ābeagle is contacting me from w.x.y.zā update beagleās address to that.
So maybe your modem is preferentially using ip v4 ? I dunno, its just a guess.
Did you ālikeā the thread (boosts ranking for others looking for a solution) ?
Cheers
I used a shell script (examples on duckdns site) to update my IPv6 address. Most ISP/RSPās give you a static IPv6 anyway so it should not be changing even if the IPv4 is dynamic.
I have followed the document of the duckdns addon and add the ipv6 option with the address āhttps://api6.ipify.org/ā. But the log shows KO. I also found on the duckdns which says they canāt update the ipv6. I was wondering to change a ddns.
One more weird situation:
I have manually updated ipv6 on duckdns website.
And I can connect through https://xxxx.duckdns.org when I was in my local network.
Once I leave the local network, the address was broken.
I have tried turn off the firewall or add 2000::/3 into firewall but still the same.
for IPv6 it should be a single IPv6 addressā¦ not a range and you should open a single port to it.
Your screenshots look like nothing I have ever seen beforeā¦
