DuckDNS not using correct certificates

ppmlind · January 16, 2023, 6:40pm

Hi,

I’ve been having an issue with home assistant and duckdns every 3 months now, and it is driving me crazy. I’m running home assistant on a raspberry pi 4, and I’ve setup duckDNS with let’s encrypt so I can access home assistant from outside via https.

Somehow DuckDNS sees a certificate that is not in any folders I can access via SSH, because if I open the certificate in the /ssl folders it shows it expires today (16 january 2023), but DuckDNS sees a certificate that expires on 17 march 2023. This certificate however I cannot find anywhere.

I’ve read all threads here, but to no avail. It might fix the issue but the 3 months later the same issue is back again.

My duckDNS config

domains:
  - xxxxxx.duckdns.org
token: xxxxxxx
aliases: []
lets_encrypt:
  accept_terms: true
  algo: secp384r1
  certfile: /ssl/fullchain.pem
  keyfile: /ssl/privkey.pem
seconds: 300

my configuration.yaml

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

The logging from DuckDNS when I restart it

[19:04:30] INFO: Renew certificate for domains: xxxxxx.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
Processing xxxxxx.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Mar 17 04:03:29 2023 GMT (Longer than 30 days). Skipping renew!

aceindy · January 16, 2023, 7:24pm

Why did you change the default configuration??
It is supposed to be;

certfile: fullchain.pem
keyfile: privkey.pem

and just leave this ‘as is’ (which is also default)

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

ppmlind · January 16, 2023, 8:17pm

I changed this because with this configuration I had the same issue. Reading through the threads this was given as a solution, and (in hindsight) temporarily fixed the issue.

I’ve reverted back to these settings, restarted DuckDNS but the issue remained (DuckDNS still telling me the certificate expires 17 match 2023).
After that also restarted home assistant but still the issue remains. If I use ssh to log into home assistant and go to the /ssl folder, the fullchain.pem still has an expiry of 16 january, while DuckDNS shows 17 march.
So somehow it is seeing different certificates that I cannot locate anywhere.

ppmlind · January 22, 2023, 10:26am

Well,

After uninstalling, removing the certificates from the /ssl folder and installing DuckDNS is seems to work again.
Let’s see what happens after the certificates expire again.

ppmlind · April 22, 2023, 4:25pm

And we are 3 months further and again the same issue.

It is still seeing some certificate that is not used by home assistant. Anybody any idea what might be causing this?

[18:22:25] INFO: Renew certificate for domains: xxxxxx.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
Processing xxxx.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Jun 21 12:20:46 2023 GMT (Longer than 30 days). Skipping renew!

Also now reinstalling duckDNS doesn’t work anymore. still getting the error that the certificate is expired.