My HA went corrupt two weeks ago and I had to re-install from scratch. For DuckDNS and Letsencrypt I just restored a backup, but it doesn’t work. I cannot see the reason for the problem.
This is my configuration for DuckDNS:
domains:
  - my-domain-hide.duckdns.org
token: [my token here, removed for security reasons...]
aliases: []
lets_encrypt:
  accept_terms: true
  algo: secp384r1
  certfile: fullchain.pem
  keyfile: privkey.pem
seconds: 300
This is the registry’s output:
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[08:10:01] WARNING: KO
[08:10:05] INFO: Renew certificate for domains: my-domain-hide.duckdns.org and aliases:
# INFO: Using main config file /data/workdir/config
Processing my-domain-hide.duckdns.org
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for my-domain-hide.duckdns.org
+ 1 pending challenge(s)
+ Deploying challenge tokens...
KO + Responding to challenge for my-domain-hide.duckdns.org authorization...
+ Cleaning challenge tokens...
KO + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "dns-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:unauthorized"
["error","detail"] "Incorrect TXT record \"\" found at _acme-challenge.my-domain-hide.duckdns.org"
["error","status"] 403
["error"] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"Incorrect TXT record \"\" found at _acme-challenge.my-domain-hide.duckdns.org","status":403}
["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/224257245077/_WSsjw"
["token"] "[my token here, removed for security reasons...]"
["validated"] "2023-05-02T06:10:29Z")
[08:15:43] WARNING: KO
And this is my Letsencrypt configuration:
domains:
  - my-domain-hide.duckdns.org
email: [email protected]
keyfile: privkey.pem
certfile: fullchain.pem
challenge: http
dns: {}
And finally my configuration on ha:
http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
Any idea why it fails or what to look for?