Hass.io Add-On: letsdnsocloud - Custom Domain SSL & DDNS

hassio-addon

#1

Hass.io Custom Domain with free CloudFlare DNS hosting, DDNS and Let’s Encrypt.


Features:

  • Automatic A record creation with current IP.
  • Domain or Subdomain supported.
  • Dynamic DNS using the CloudFlare API, monitors changes and updates IP every 5 mins.
  • Let’s Encrypt certificate generation via DNS Challenge.
  • Automatic DNS Challenge TXT record generation & cleanup.

This addon came about due to my inability to use the 2 current external access add-ons for my use case.

Firstly, I wanted to use my own domain rather than Duckdns. Secondly, I didn’t want to open port 80 to the world, and the Let’s Encrypt add-on has an HTTP challenge which requires it.

Using the CloudFlare API the add-on will automatically update your IP address which negates the need for a third party DDNS service.

The Let’s Encrypt certificate generation code is from the Duckdns add-on; if I have incorrectly assigned license or credit, please let me know.

I’ll do my best to support any issues. Please provide feedback!


Repo URL:

Installation:


Quick & Dirty get started guide:

1. CloudFlare

  • Sign up for free account.
  • Add your base domain (no need to create any DNS records).
  • Make a note of the CloudFlare name servers.
  • Turn off the free SSL option under the Crypto menu (SSL to Off & Disable Universal SSL).

2. Domain Registrar

  • Change nameservers for your domain to point to Cloudflare.

3. Home Router

  • Forward desired public facing port (TCP & UDP) to your Hassio local IP & port (default local port is 8123).

4. Hassio config

  • Edit config file with your CloudFlare Global API Key, your CloudFlare email address and domain.

  • Hit start and wait for it to create the certificates.

  • Add the following to your configuration.yaml:

    http:
        base_url: https://your.domain.com:portnumber
        ssl_certificate: /ssl/fullchain.pem
        ssl_key: /ssl/privkey.pem
        ip_ban_enabled: true
        login_attempts_threshold: 5
    

5. Restart homeassistant

  • Profit.

#2

Just thought I would let you know it was all profit on my end.
No issues
You’re an absolute champ 🙂


#3

Hello! Could you say, will it work if my provider does not give me a static IP address? And it seems like it uses CGNAT (but I am not sure)


#4

Yes sir, it will update your A record IP automatically every 5 mins if it changes.

Unsure if it works with ISPs that utilise CGNAT but feel free to try it out.
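
One polling pass of the dynamic DNS update discussed above, as an added example that is not the add-on's code. It uses the Cloudflare v4 zone and DNS record endpoints with the Global API Key headers; `sync_a_record`, the injected `http` transport, `FakeCloudflare` and the sample addresses are constructed so it runs offline.

```python
import ipaddress

API = "https://api.cloudflare.com/client/v4"

def auth_headers(email, global_key):
    # Global API Key authentication: account email plus key.
    return {"X-Auth-Email": email, "X-Auth-Key": global_key,
            "Content-Type": "application/json"}

def publishable(ip):
    # Only a globally routable IPv4 address belongs in a public A record;
    # RFC 1918 space and the CGNAT shared range 100.64.0.0/10 are rejected.
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.version == 4 and addr.is_global

def sync_a_record(http, headers, domain, zone, current_ip):
    # `http(method, url, headers, body)` is a hypothetical transport that
    # returns the decoded JSON response. Returns the action taken.
    if not publishable(current_ip):
        return "skipped-non-public-ip"
    zone_id = http("GET", f"{API}/zones?name={zone}", headers, None)["result"][0]["id"]
    base = f"{API}/zones/{zone_id}/dns_records"
    found = http("GET", f"{base}?type=A&name={domain}", headers, None)["result"]
    body = {"type": "A", "name": domain, "content": current_ip, "ttl": 1}
    if not found:
        http("POST", base, headers, body)
        return "created"
    if found[0]["content"] == current_ip:
        return "unchanged"          # no write when the address is the same
    http("PUT", f"{base}/{found[0]['id']}", headers, body)
    return "updated"

class FakeCloudflare:
    """Constructed in-memory stand-in for the API (not a real client)."""
    def __init__(self):
        self.records, self.calls = [], []
    def __call__(self, method, url, headers, body):
        self.calls.append(method)
        if "/dns_records" not in url:
            return {"result": [{"id": "zone-id-placeholder"}]}
        if method == "GET":
            return {"result": [dict(r) for r in self.records]}
        if method == "POST":
            self.records.append({"id": "record-id-placeholder", **body})
        else:
            self.records[0].update(body)
        return {"success": True}
```

A router WAN address inside 100.64.0.0/10 is the usual sign of CGNAT, in which case the port forward from the guide is not reachable from outside even when the A record is correct.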


#5

And should I have a domain for that? Or will it be created?


#6

You need to have your own domain first - you can get a free one here:

https://www.freenom.com/en/index.html?lang=en

After you create one you have to point the domain to the servers Cloudflare gave you in step 1. Here are the instructions for freenom:

https://my.freenom.com/knowledgebase.php?action=displayarticle&id=3


#7

Hi there, I seem to have an issue with this. Configured everything over on cloudflare, added domain and cloudflare account in addon configuration page and added config in configuration.yaml. I start the addon but log is empty and when I reload it shows as not started. Any ideas?


#8

I deleted my certs + add-on and tried again on mine and everything worked fine.

Are there any errors in your log file? Press hass.io in the menu and go to system.


#9

Log is empty and while addon seems to start when I start it, it’s off upon refreshing. Also no errors in log file. This is what happens:

18-12-27 20:42:39 INFO (SyncWorker_12) [hassio.docker.addon] Start Docker add-on /armhf-addon-letsdnsocloud with version 1.1
18-12-27 20:42:42 INFO (SyncWorker_5) [hassio.docker.interface] Stop /armhf-addon-letsdnsocloud Docker application

Any other ideas?


#10

Not too sure man! I’m pretty new to HA myself, just set it up a month ago and still learning.

Click on the about page by going to the dev tools down the bottom of the sidebar, very end icon: ( i )

Maybe something in there will help you troubleshoot?


#11

Does this require hass.io or can I use this on a normal home assistant install?


#12

All add-ons require hass.io:


#13

Newb here.
I created a new name in freenom, created an account in cloudflare and added a site (the one created in freenom).
Now in CloudFlare it’s written “pending nameserver update” under my site.

I don’t get which are the nameservers I have to put in freenom.


#14

You can find your assigned Cloudflare nameservers in the DNS tab of your dashboard below the DNS records.


#15

Found, thanks


#16

Thank you so much for this! I’ve been trying to get things working with DuckDNS and Let’s Encrypt for weeks, but this is so much better because it a) actually works and b) gives me a use for one of my spare domain names.


#17

so interestingly enough this seems to work - YAY!
but… I keep getting this error in my log…

2019-01-22 18:56:54 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
2019-01-22 18:56:54 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

ummm??? Same issue? Any ideas?


#18

Yeah, it seems to be a common issue across a few add-ons:

Maybe it’s the duckdns code I reused to perform the DNS challenge for Let’s Encrypt.

Haven’t had the time to troubleshoot this, will have another look when I have a chance.


#19

More info: