GoDaddy DNS Add-on SSL certificate expiration

arzaman · May 27, 2024, 3:56pm

Hello,

I successfully installed the GoDaddy DNS Add-on to enable remote access to my Home Assistant instance. It worked perfectly for a few months, but now I am encountering an issue with SSL certificate expiration.

/usr/bin/dehydrated: line 737: 1: unbound variable
[17:39:45] WARNING: Renewal failed for domain: ha.mydomain.com
[17:44:47] INFO: Renewing certificate for domain: ha.mydomain.com
# INFO: Using main config file /data/workdir/config
Processing ha.mydomain.com
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till May 23 15:44:33 2024 GMT (Less than 30 days). Renewing!
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for ha.mydomain.com
 + 1 pending challenge(s)
 + Deploying challenge tokens...
{"code":"ACCESS_DENIED","message":"Authenticated user is not allowed access"}
 + Responding to challenge for ha.mydomain.com authorization...
 + Cleaning challenge tokens...
{"code":"ACCESS_DENIED","message":"Authenticated user is not allowed access"}
 + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"]	"dns-01"
["status"]	"invalid"
["error","type"]	"urn:ietf:params:acme:error:dns"
["error","detail"]	"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ha.mydomain.com - check that a DNS record exists for this domain"
["error","status"]	400
["error"]	{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ha.mydomain.com - check that a DNS record exists for this domain","status":400}
["url"]	"https://acme-v02.api.letsencrypt.org/acme/chall-v3/35618026/Z6DgPg"
["token"]	"tKXjjPJs8JB7pigYTFgyki3iXi-fr5EdStQ"
["validated"]	"2024-05-27T15:46:01Z")

I cannot find a way to renew the certificates. I also installed the Let’s Encrypt add-on, but it doesn’t support certificate renewal via DNS challenge with GoDaddy.

I have created a new GoDaddy API key, but it hasn’t resolved the issue.

Does anyone have any ideas on how to renew the certificates and automate the renewal process?

Thank you,
Davide

Matthew_Lynch · June 7, 2024, 2:06pm

Developers frustrated by recent GoDaddy API restrictions - Domain Name Wire | Domain Name News.

API access now requires at least 10 domains in your godaddy account.

arzaman · June 24, 2024, 8:42pm

I see the news what a mess
so basically the GoDaddy add on doesn’t work any more for standard deployment with less that 10 domains
Any alternative to renew the certificate?
I’m stuck…

arzaman · June 25, 2024, 2:13pm

ve solved the remote access issue for Home Assistant with an alternative method.

Solution: Set up an SSH reverse tunnel to a Digital Ocean droplet with a fixed IP address, using it as a proxy for traffic on port 8123.

Benefits:

Simple Configuration: The setup process is straightforward.
Effective Performance: It works flawlessly for accessing Home Assistant remotely via a web browser or mobile app.
Cost-Effective: The cost of maintaining a public cloud server is significantly lower compared to other solutions.
Versatility: The server can also be utilized for other applications requiring a fixed IP, NAT, and firewall traversal.

Additionally, I am considering switching from GoDaddy as my domain registrar due to their unacceptable behavior.