HA core 2022.8.4 installed on Rpi 4
DuckDNS 1.15.0
For a long time I’ve ignored the messages about security and gone ahead anyway. Its time to look into it, and I see now that DuckDNS reports in the log that the certificate is fine, but Chrome tells me the certificate expired over a year ago.
DuckDNS is installed using the standard approach, configured like this:
domains:
- xxxxxxx.duckdns.org
token: xxxxxxxxxxxxxxxxxxxxxx
aliases: []
lets_encrypt:
accept_terms: true
algo: secp384r1
certfile: /ssl/fullchain.pem
keyfile: /ssl/privkey.pem
seconds: 300
DuckDNS Log shows:
Processing xxxxxxxx.duckdns.org
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Feb 12 20:33:29 2023 GMT (Longer than 30 days). Skipping renew!
HA config file includes this:
http:
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
Router shows port 443 forwarded
BUT**
Chrome shows site is not secure, certificate is not valid
Issued To
Common Name ()CN xxxxxxxxxx.duckdns.org
Organisation (O) Not part of certificate>
Organisational Unit (OU) Not part of certificate>
Issued By
Common Name (CN) R3
Organisation (O) Let’s Encrypt
Organisational Unit (OU)
Validity Period
Issued On Friday, 1 October 2021 at 21:41:41
Expires On Thursday, 30 December 2021 at 20:41:40
Fingerprints
blah
There seems to be two certificates here, and I dont know how to sort this out ?
I found a thread suggesting that removing the /ssl from the duckdns config lines may help - it didn’t ! No change to the message shown by Chrome
I used ssh and listed the files in /ssl, and it shows just fullchain and privkey
I’ve tried to load the certificate expiry integration, but it fails when I try the host as both xxxxxx.duckdns.org and the internal 192.168.1.200
I’m sure I’ve done something wrong, but cant figure out what.