LetsEncrypt error: Invalid character in DNS name

Hi,
Just wondering if anyone has encountered this issue before please.
I hit start in Letsencrypt and it's logging this error:

starting version 3.2.4
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new authz :: Invalid character in DNS name
Please see the logfiles in /var/log/letsencrypt for more details.

These are my settings for letsencrypt:

{
  "email": "[email protected]",
  "domains": [
    "[email protected]"
  ],
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

My email address or duckdns domain do not use any characters, hyphens or underscores.

Any suggestions please?

EDIT: I have tried to navigate to var/log/letsencrypt to find a log over ssh, but the folder is empty.

Why is there an @ symbol in your domain?

^ this

Should be a .
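The check the replies above did by eye, as an added example that is not part of the original thread: it validates each entry in the add-on's "domains" list against ordinary hostname syntax before a certificate request is made. The function names and the sample config are constructed for illustration, and the rules approximate hostname syntax rather than reproduce the CA's own validation.

```python
import json
import re

# A DNS label as used in certificate names: letters, digits and hyphens,
# 1-63 characters, not starting or ending with a hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def check_domain(name):
    """Return a list of problems with `name` as a DNS name (empty list = OK)."""
    problems = []
    if len(name) > 253:
        problems.append("name is longer than 253 characters")
    labels = name.split(".")
    if len(labels) < 2:
        problems.append("expected at least two labels, e.g. name.duckdns.org")
    for label in labels:
        if LABEL.fullmatch(label):
            continue
        bad = sorted(set(re.findall(r"[^A-Za-z0-9-]", label)))
        if bad:
            problems.append(f"label {label!r} has invalid character(s): {' '.join(bad)}")
        else:
            problems.append(f"label {label!r} is empty, too long, or starts/ends with '-'")
    if "@" in name:
        problems.append("hint: '@' belongs in the email field; separate labels with '.'")
    return problems


def check_config(text):
    """Map each invalid entry of the config's "domains" list to its problems."""
    config = json.loads(text)
    report = {}
    for name in config.get("domains", []):
        problems = check_domain(name)
        if problems:
            report[name] = problems
    return report


# Constructed sample config; the names are placeholders, not values from the thread.
SAMPLE = """{
  "email": "user@example.com",
  "domains": ["myhome@duckdns.org", "myhome.duckdns.org", "my_home.duckdns.org"],
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}"""

if __name__ == "__main__":
    for name, problems in check_config(SAMPLE).items():
        print(name, *problems, sep="\n  - ")
```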

Wow! How did I miss that?

Don’t I feel like the total noob?! Haha

Thanks guys.

Now running into a new problem.

Here’s the log from LetsEncrypt:

starting version 3.2.4
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxxxxxxxxx.duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. xxxxxxxxxxx.duckdns.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://xxxxxxxxxxxxxxx.duckdns.org/.well-known/acme-challenge/DUVkMfAX0J3_hpF0En9dOoUkgSL5zTP6iLIs_oX1K9o: Timeout
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: xxxxxxxxxxx.duckdns.org
   Type:   connection
   Detail: Fetching
   http://xxxxxxxxxxxxx.duckdns.org/.well-known/acme-challenge/DUVkMfAX0J3_hpF0En9dOoUkgSL5zTP6iLIs_oX1K9o:
   Timeout
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

I think this message has to do with the port forwarding rules on my router.

Here are the port forwarding rules set up on my router:

And here are the ports open on my local ip where my Raspberry Pi is:

Should port 80 be already open on my Raspberry Pi for port forwarding to work?

If I use an open port checker, like https://www.yougetsignal.com/tools/open-ports/, port 80 is closed.
I’ve spoken to my ISP, and they assure me that they are not blocking any ports.
I personally believe it's an issue with my router (Nighthawk R7000).

I’ve been at this for days now with no luck.

Any suggestions please?

Is the second picture some kind of auto discovery for open ports on a specific ip? If so I wouldn’t consider it a problem that port 80 isn’t shown here. The add-on should open the ports only when needed (that is, when running the challenge).

I’d suggest you configure your router to forward external port 80 to internal port 8123 and check if you can see the hass.io login while connecting from the outside. That way you can make sure it’s not your provider’s fault.

Is your DNS entry up to date (does xxxxxxxxxxx.duckdns.org point to your current IP)?

I ended up using these instructions and didn’t need to install/run letsencrypt, as duckdns takes care of everything now - And no need to open any ports! (Apart from 443 to 8123).