Duckdns + let's encrypt with custom port

Hello,

I’m really struggling to get my SSL certificate.

My external url is: mydomain.duckdns.org:8124

I’m redirecting my custom port 8124 to the internal port 8123.
I installed duckdns addon, which is working fine and now I’m stuck with let’s encrypt addon.

Let’s encrypt config:

domains:
  - mydomain.duckdns.org
email: [email protected]
keyfile: privkey.pem
certfile: fullchain.pem
challenge: http
dns: {}

Duckdns config:

domains:
  - mydomain.duckdns.org
token: my-to-ken
aliases: []
lets_encrypt:
  accept_terms: true
  algo: secp384r1
  certfile: fullchain.pem
  keyfile: privkey.pem
seconds: 300

From what I understand, with the http challenge I have to use port 80 or 443 (but I use 8124), and with the dns challenge, duckdns is not supported.

What are my options?

I’m pretty sure you can use dns challenge with duckdns.
For http challenge, it’s port 80 and nothing else.

I tried with dns challenge. If I do not fill the “dns” field, I get these logs:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[17:36:34] INFO: Selected DNS Provider: null
[17:36:34] INFO: Use propagation seconds: 60
usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: unrecognized arguments: --null --null-credentials /data/dnsapikey
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

And if I set it to something:

domains:
  - mydomain.duckdns.org
email: [email protected]
keyfile: privkey.pem
certfile: fullchain.pem
challenge: dns
dns:
  provider: duckdns

then I get this error:

Failed to save add-on configuration, value must be one of ['dns-azure', 'dns-cloudflare', 'dns-cloudxns', 'dns-digitalocean', 'dns-directadmin', 'dns-dnsimple', 'dns-dnsmadeeasy', 'dns-gandi', 'dns-gehirn', 'dns-google', 'dns-google-domains', 'dns-hetzner', 'dns-inwx', 'dns-linode', 'dns-luadns', 'dns-netcup', 'dns-njalla', 'dns-nsone', 'dns-ovh', 'dns-rfc2136', 'dns-route53', 'dns-sakuracloud', 'dns-transip']. Got {'domains': ['mydomain.duckdns.org'], 'email': '[email protected]', 'keyfile': 'privkey.pem', 'certfile': 'fullchain.pem', 'challenge': 'dns', 'dns': {'provider': 'duckdns'}}

And duckdns is not on the list of supported DNS providers.

Ok, maybe not with the letsencrypt addon, but with the duckdns one.

Oh, so I don’t have to install Let’s encrypt addon to make it work? That’s interesting. I didn’t see it that way. I’m going to uninstall it and focus on Duck DNS addon configuration.

It works!

I added these in configuration.yaml and restarted home assistant:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ip_ban_enabled: true
  login_attempts_threshold: 5

homeassistant:
  external_url: https://mydomain.duckdns.org:8124
  internal_url: http://192.168.0.2:8123

And in Duck DNS (Let’s encrypt part) configuration:

accept_terms: true
algo: secp384r1
certfile: fullchain.pem
keyfile: privkey.pem
base_url: mydomain.duckdns.org:8124

Thank you!
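Added example, not from the thread: once the DuckDNS add-on has issued the certificate and Home Assistant serves HTTPS on the custom port, this Python script does a verifying TLS handshake against the external URL and checks that the served certificate actually covers the DuckDNS name and is not close to expiry (a sign that the add-on's renewal is failing). `mydomain.duckdns.org` and `8124` are the thread's placeholder values; the sample certificate dict is constructed for the offline check.

```python
import socket
import ssl
import time

# From the thread: mydomain.duckdns.org is the poster's placeholder, 8124 the
# custom external port that is forwarded to Home Assistant's internal 8123.
HOST = "mydomain.duckdns.org"
PORT = 8124

# Constructed sample of a getpeercert() dict (only the fields read below).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "mydomain.duckdns.org"),),
    "notAfter": "Jun 10 12:00:00 2030 GMT",
}
SAMPLE_NOT_AFTER = ssl.cert_time_to_seconds(SAMPLE_CERT["notAfter"])

def fetch_peer_cert(host, port, timeout=5.0):
    """Verifying TLS handshake (system trust store, SNI set); returns the leaf cert."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def name_matches(pattern, hostname):
    """Exact DNS-name match, or one wildcard covering exactly one left-most label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*.") and "." in hostname:
        return pattern[2:] == hostname.split(".", 1)[1]
    return False

def check_cert(cert, hostname, now=None, min_days_left=14):
    """Problems found for hostname (empty list == OK). Let's Encrypt certs last 90
    days and the DuckDNS add-on renews them, so little time left means renewal fails."""
    now = time.time() if now is None else now
    problems = []
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(san, hostname) for san in sans):
        problems.append(f"no SAN matches {hostname}: {sans}")
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < 0:
        problems.append("certificate has expired")
    elif days_left < min_days_left:
        problems.append(f"certificate expires in {days_left:.0f} days")
    return problems

if __name__ == "__main__":
    # Live check of the poster's external URL; needs network access.
    print(check_cert(fetch_peer_cert(HOST, PORT), HOST) or "OK")
```

Run it from outside the LAN so the check goes through the same port forward the router applies to the external URL.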