Just a thought but you might want to consider blurring out your domain and duckdns token on that image.
The good news is that there appears to be nothing wrong with your setup. I can get to it just fine.
ok i dont know how that happened but the token that was in that picture was NOT my duckdns token. I shut off duckdns and deleted the pic just for good measure. Just to check, before i shut it down I still couldnt get in. Im lost and more than a little bit concerned.
When I try to access HA from the outside, I get a certificate error. This seems like a new problem, but I’m not sure where to start.
I got nervous and deleted that domain. im setting it up with a new domain now.
Here’s how I fixed it. I deleted fullchain.pem and privkey.pem from the ssl directory, then removed my domain from duckdns. Re-added the same domain and restarted the Duckdns add-on. The pem files were rebuilt and now everything is back.
Same problem here, but I followed your instructions without luck.
- Seems the addon doesn’t sent the TXT to duckdns as it shows as empty
\"\"
- my
privkey.pem
andfullchain.pem
are not rebuilt after restart the addon
Looking for a solution
Hi,
did you fix the problem in the meantime? My certificate renew also does not seem to work correctly.
Greetings
I also solved it by deleting fullchain.pem and privkey.pem from the ssl directory, then removed my domain from duckdns. Re-added the same domain. The pem files however were rebuilt on a full system restart.
Hoping not getting the same problem again when the new cert expires in another three months…
Yeah, no luck! A few months down the line and the same problem occurs. This LetsEncrypt/DuckDNS in Home Assistant is broken for sure. Tried my own solution from last time around but now the interface is not coming back at all (not even on local network connection)! Now struggling with a totally broken HA server. This is a real bummer!
Half a day spent fixing HA (removed the lines in the http: section in configuration.yaml by using USB keyboard and my TV to use the undocumented “login” command) and then the certificate:
Removed all aliases from the DuckDNS config leaving only the original line:
aliases: []
Restarted DuckDNS and finally challenge was working. Then added the aliases section back, restarted DuckDNS again and now everything is back to normal (until december 21 when this will most likely happen again).
I also just ran into the same problem:
OKOK + Responding to challenge for <mydomain>.duckdns.org authorization...
+ Cleaning challenge tokens...
OKOK + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "dns-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:unauthorized"
["error","detail"] "Incorrect TXT record \"M25OMYJjoHN2PJq4YvGc5-TcBE_A69PljnnxLkUgRLM\" found at _acme-challenge.<mydomain>.duckdns.org"
I fixed it, as others have done, by doing this:
- Deleting the files in
~/ssl/
(use the Terminal & SSH addon, and runrm -rf ~/ssh/*
). - Removing the custom domains from DuckDNS config so that the aliases section reads as
aliases: []
. - Restart DuckDNS, switch to the Log tab and confirm no errors. A new cert and key will have been generated and saved to the ~/ssl directory.
- Restore the DuckDNS config to what it was before and restart DuckDNS again. This time my certificate renewed successfully.
I also just set a reminder for me to go look at this forum post on Jan 1 15:58:24 2022
You’re my hero of the day! Reminding myself to this post as well in a few months Happy New Year!
And exactly 3 months later autorenewal failed again.
But this time less messing about…
- Remove aliases, just replace with
aliases: []
. - Restart the addon
- Assuming it renewed ok, add the aliases back in
- Restart the addon
Boom!!! Back in business.
Super! I also have the calendar set to remind me in december. However, do we know where to report this apparent bug so it might be fixed for everyone before then? I looked last time but couldn’t find any forum for bug reporting.
Another 3 months, another manual renewal needed. It looks like this issue has been reported in the HA addons repo here: duckdns can't obtain cert after upgrade to 1.12.5 · Issue #1869 · home-assistant/addons · GitHub
Thanks for this, was banging my head against a wall for a while trying to figure out what was wrong but seems like it was just this same bug
Whooohooo and here we are again. Activity on the GH issue doesn’t look promising, sadly but the workaround still works!
If we can’t get this bug fixed, can we at least add a note to the documentation describing that renewal with aliases doesn’t work and how to work around it?
that renews the duckdns domain certificate right? because you removed the aliases section so the alias domain certificate, does not get renewed?