I’m trying to get the DuckDNS add-on to generate a valid certificate for my domain.
I own a domain I want to use for my Home Assistant instance. I’ve created a CNAME record in that domain’s DNS to point to the subdomain I have with DuckDNS. That works fine… but I cannot get the Let’s Encrypt piece to validate my domain (since it never presents me with a challenge code to put in a TXT record). It generates a cert for the DuckDNS subdomain just fine, but throws a bad challenge error on my domain.
How is this supposed to work? I’ve followed the documentation closely and have my configuration exactly how they have it in their example, but it doesn’t work.
Any help would be appreciated.
Here’s my config:
lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: blah
domains:
  - mysubdomain.duckdns.org
  - ha.mydomain.com
aliases:
  - domain: ha.mydomain.com
    alias: mysubdomain.duckdns.org
seconds: 300
Here’s the error:
+ Valid till Dec 20 23:57:13 2020 GMT Certificate will not expire
(Longer than 30 days). Ignoring because renew was forced!
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 2 authorizations URLs from the CA
+ Handling authorization for mysubdomain.duckdns.org
+ Found valid authorization for mysubdomain.duckdns.org
+ Handling authorization for ha.mydomain.com
+ 1 pending challenge(s)
+ Deploying challenge tokens...
OK + Responding to challenge for ha.mydomain.com authorization...
+ Cleaning challenge tokens...
OK + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:dns",
    "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ha.mydomain.com - check that a DNS record exists for this domain",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/blah/blah",
  "token": "blah-blah"
})
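An added example, not part of the original post or the add-on's code: a small offline model of the lookup behind the NXDOMAIN in the log above. For dns-01 the CA queries TXT at `_acme-challenge.<domain>` (RFC 8555, section 8.4), and a CNAME on `ha.mydomain.com` only covers that exact name, not names beneath it. The zone records, the address, the token and the helper names are constructed, and where the DuckDNS side publishes the token is an assumption.

```python
# Constructed records modelling the setup in the post (not real DNS answers).
ZONE = {
    ("ha.mydomain.com", "CNAME"): "mysubdomain.duckdns.org",
    ("mysubdomain.duckdns.org", "A"): "203.0.113.10",
    # Assumption: the challenge token is published under the DuckDNS name.
    ("_acme-challenge.mysubdomain.duckdns.org", "TXT"): "constructed-token",
}


def resolve(zone, name, rtype, depth=0):
    """Resolve name/rtype, following CNAMEs; return (rcode, value)."""
    if depth > 8:  # guard against CNAME loops
        return ("SERVFAIL", None)
    if (name, rtype) in zone:
        return ("NOERROR", zone[(name, rtype)])
    if (name, "CNAME") in zone:
        return resolve(zone, zone[(name, "CNAME")], rtype, depth + 1)
    # A name that exists (itself or as a parent of other names) gives an
    # empty NOERROR answer; a name that does not exist at all gives NXDOMAIN.
    exists = any(n == name or n.endswith("." + name) for n, _ in zone)
    return ("NOERROR", None) if exists else ("NXDOMAIN", None)


def dns01_lookup(zone, domain):
    """The query a CA makes to validate a dns-01 challenge for domain."""
    return resolve(zone, "_acme-challenge." + domain, "TXT")


def with_challenge_cname(zone, domain, alias):
    """Copy of zone with the challenge name itself delegated to the alias."""
    fixed = dict(zone)
    fixed[("_acme-challenge." + domain, "CNAME")] = "_acme-challenge." + alias
    return fixed


if __name__ == "__main__":
    # The host CNAME resolves for normal traffic...
    print(resolve(ZONE, "ha.mydomain.com", "A"))
    # ...but the challenge name is a different owner name with no record.
    print(dns01_lookup(ZONE, "ha.mydomain.com"))
    # One way the lookup can succeed: a second CNAME on the challenge name.
    fixed = with_challenge_cname(ZONE, "ha.mydomain.com", "mysubdomain.duckdns.org")
    print(dns01_lookup(fixed, "ha.mydomain.com"))
```

Against live DNS the same check is a TXT query for `_acme-challenge.ha.mydomain.com` with a tool such as `dig`.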