How to fix SSL certificates after domain change

So I’m trying to up my game and took the plunge on purchasing a domain name and rerouting all my traffic to my HA instance via my new domain. However, I now have some issues, since it appears some devices don’t like the certificate.

Old HA external address
Https://xxxxxx.duckdns.org

New HA external address
Https://HA.xxxxxxx.net

Using the “Swag” docker container I updated the Home Assistant port and the subdomain and domain names.

After rebooting all, I can access it from the external address from my friend’s PC, which has never accessed my HA instance at duckdns. But on any device like my phone or laptops I get this error:

HA iOS app
“Unknown error: URLSessionTask failed with error: the certificate for this server is invalid. You might be connecting to a server that is pretending to be “ha.xxxxxxx.net” which could put your confidential information at risk.”

In Chrome or Safari I get the :no_entry: “proceed at your own risk” warning. Then I get to the Home Assistant login page, enter my credentials, and it loads, then says “unable to connect to Home Assistant” retry.

When looking at the certificate that it can’t validate it says the certificate is listed to
xxxxxx.duckdns.org

Don’t know where to go from here to fix.

Certificates are for addresses not IP addresses. A cert for xxx.duckdns.org is not valid for ha.xxxx.net.

You need to get a new certificate for ha.xxxx.net
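Added example, not written by any poster in this thread: a Python sketch that reads the names in the certificate the reverse proxy is actually serving and checks them against the new hostname, which is the mismatch described above. `myhome.duckdns.org` and `ha.example.net` are placeholder names and the two sample certificates are constructed.

```python
import socket
import ssl


def served_names(host, port=443, timeout=5.0):
    """Return the DNS names in the certificate the server presents for `host`.

    Hostname checking is turned off so a mismatched certificate can still be
    read; the chain is still verified against the system trust store.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:  # SNI = host
            return san_dns_names(tls.getpeercert())


def san_dns_names(cert):
    """Extract DNS subjectAltName entries from a getpeercert()-style dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, hostname):
    """Compare one SAN entry with a hostname, case-insensitively.

    A wildcard is honoured only as the whole leftmost label ("*.example.net")
    and covers exactly one label, so it never matches "example.net" or
    "a.b.example.net".
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:] and h[0] != ""
    return p == h


def covers(cert, hostname):
    """True if any DNS SAN in the certificate is valid for `hostname`."""
    return any(name_matches(n, hostname) for n in san_dns_names(cert))


# Constructed samples in the shape getpeercert() returns (placeholder names).
OLD_CERT = {"subjectAltName": (("DNS", "myhome.duckdns.org"), ("DNS", "*.myhome.duckdns.org"))}
NEW_CERT = {"subjectAltName": (("DNS", "ha.example.net"),)}

if __name__ == "__main__":
    for label, cert in (("old", OLD_CERT), ("new", NEW_CERT)):
        print(label, san_dns_names(cert), "covers ha.example.net:", covers(cert, "ha.example.net"))
```

Calling `served_names()` with your own hostname shows which certificate the proxy is handing out; if only the duckdns name comes back, the proxy has not yet obtained a certificate for the new domain.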

How do I go about getting a new certificate? And replacing or removing the duckdns one? Is that in the HA config folder or in the swag docker container?

Thanks for the input

Who is “hosting” your shiny new “.net” DNS name?
Getting a letsencrypt certificate for a domain usually means that you have to prove that you own the domain by inserting certain values in the DNS configuration for that domain.

Assuming the DNS is hosted by some provider, maybe check on their support page if there would be details on how to get a letsencrypt certificate?

Doesn’t have to be letsencrypt. There are numerous cert providers.

Of course, but afaik, it’s the only free one.
The others are professional oriented, and quite expensive, actually.

EDIT: Mmm… I didn’t know that a bunch of free certificate providers surfed on the wave :wink:

Thanks. I purchased my domain name through GoDaddy. They do sell SSL keys but they are very pricey. Maybe that is what I need to do, I guess. Was wondering if the actual certificate was created by Let’s Encrypt or by duckdns. Sounds like I’m stuck.

Hmm, I use my own domain, and I use certbot to generate my certificates (which is Let’s Encrypt and also used by duckdns). Registering is a bit of a hassle, as you need to prove that you host the domain (and need to host a webserver on port 80 as part of the registration process).

I run certbot on my Windows machine as a scheduled task to check/update the certificate on my webserver daily and then move it to HA’s samba share.

Looks like there is a certbot GoDaddy plugin at certbot-dns-godaddy · PyPI

EDIT: Nevermind, there is a “pure” letsencrypt addon.
OP, you’ll have to remove the duckdns addon and install the letsencrypt one. You’ll reference your new FQDN there.

I guess the addon uses certbot as well, as there is no out-of-the-box GoDaddy support for “dns” challenge. You’ll have to follow the “http challenge” route.

You could also use Caddy with a plugin for GoDaddy that will use the DNS challenge. You will get a LetsEncrypt or ZeroSSL cert for free. Caddy is a reverse proxy and there is an addon and a forum thread discussing it.

I didn’t really pay attention to the fact that there are alternatives to letsencrypt for free certificates, nowadays. I stand corrected.