Just load this URL in a browser, ideally in incognito mode so the token doesn’t get stored in the history: https://www.duckdns.org/update?domains=YOURDOMAIN&token=YOURTOKEN&txt=YOURTXTRECORD
2 Likes
It took me some time but I eventually understood what @Hausanschlussraum meant:
google search console will give you a txt to add to your dns server. This is something that only a site owner can add.
Normally providers like namecheap have a control panel that give you the possibility of changing all your dns records, but unfortunately duckdns doesn’t. Apparently.
Indeed if you login to search console you will get the YOURTXTRECORD verification string. The other two fields (YOURDOMAIN and YOURTOKEN) come from your duckdns configuration.
Assemble the three strings in https://www.duckdns.org/update?domains=YOURDOMAIN&token=YOURTOKEN&txt=YOURTXTRECORD and paste the string in a browser. You’ll get an OK reply from duckdns when the record is properly added.
7 Likes
I did this and now you can reach my Fritzbox from the Internet. How can I undo this?
I clicked on the link on the left, i.e. took the domain
https://search.google.com/u/1/search-console/welcome?pli=1
I have the problem with a different URL
NET::ERR_CERT_AUTHORITY_INVALID
I updated the DNS TEXT entry on my duckdns domain and google was able to verify the token successfully. However, when I clear my cache and relaunch Chrome, I still get the deceptive error. How long does this take to go into effect? Should it be immediately?
I don’t think adding the TXT is enough, as it just opens up the access to google console, where it’s clearly said that the site has malicious actions and phishing too.
I think only the hassio team can fix it
2 days ago this started for me as well. I have sent 4 reports to google about white flag my page, still no response and it’s still red flagged. What have you done to resolve this?
Same here. Very annoying red warning. I can use alternative browser , but main issue is the HA app on my android 
2 Likes
Hit the wrong button.
Update: it has started flagging the site again so back square one and the fact that app does not work anymore
@mint_and_stone70 's method worked for me
This is where you would get the “yourtxtrecord”
Had the same problem, whitelisted the site by google, then it worked again. Now it stopped working again, though interestingly enough, the App now works just fine. Chrome and Firefox block it though…
The search console had no effect as far as I can tell…
Any suggestions? Happy about any hint in the right direction…
Same problem here 
Same here with a duckdns domain.
Does Google own internet ?!
Tried multi times the form without any result.
I had the nginx proxy manager add-on but no idea where to put the verification file.
I tried the nginx SSL proxy add-on with the same problem ; where put the verification file ?
Without access to the containers, how to do ?
Has someone any detailed instructions on how to do that on home assistant OS, please ?
Edit : so, I tried the below method :
https://www.duckdns.org/update?domains=YOURDOMAIN&token=YOURTOKEN&txt="YOURTXTRECORD" (with quotes)
and it prints “OK”.
Waiting for the good news…
1 Like
This is driving me insane. Sent multiple requests to Google over the past week and still no response or fix. I did the duckdns verification method through google search console and sent a request for review with a very passive aggressive message since the last 4 requests done through the dangerous website popup were seemingly ignored. Hopefully this fixes the issue but I don’t have much hope.
Google seems to increasingly be a complete wasteland of software bugs and inoperability and I am getting to a point where I completely hate their services. This is partially why I switched to Home Assistant in the first place as Google Home is super buggy, crashes constantly on multiple devices, and increasingly nonfunctional.
Maybe this can be fixed such that the website does not get flagged by Google with future updates from the HA team?
It works with the duckdns address “trick” ! I hope it will last forever…
… And I think to go away of Google services when possible.
It all started again for me just today… did all the usual tricks again, no success for now…
Anybody else also running in to problems again?
I just switched from Google Chrome browser to MS Edge. Problem solved.
this pretty much happen to all DDNS provider. if you want to avoid it, just buy your own domain, or just ignore the error or ditch google chrome all together and use firefox or chromium instead.
After reporting the problem to Google a bunch of times and getting it temporarily fixed twice, I gave up on the third one and switched to MS Edge as you suggested.
What I couldn’t get a workaround for yet is the Companion App. Any suggestion?
Oh, one curious thing I realized: Custom cards used in Lovelace crash when the phishing warning starts, even if I try to overcome the warnings. Everything is good using MS Edge though.
The situation with Google hasn’t been resolved yet; my newly created domain on duckdns was also flagged as “Dangerous”. It took some trial and error from the steps mentioned in this thread to have it solved.
Here’s the exact steps I took to resolve the issue of having my duckdns subdomain flagged as Dangerous (My appologies that I had to mutilate a lot of links in this post; I’m not yet allowed to post something with more than 2 links. So be weary of that when you copy/paste links – you may need to remove some spaces or change comma’s back to dots…)
- Go to https://search.google.com/search-console/welcome?pli=1
- On the right hand side, you’ll see a box called "URL Prefix’
- Enter your HA Duckdns URL – e.g. https:// yourdomain.duckdns. org:8123
- Click the ‘Continue’ button
- In the resulting box you’ll see something about an html file for verification. Ignore that.
- scroll down until you see an expandable box with a twisty named “Domain Name Provider”
- Open that box by clicking it
- You’ll see something like Select Record Type – leave this at the recommended TXT setting
- Under bullet 3 here you’ll see something like this:
google-site-verification=1a2B3c4-very-long-alpha-numeric-code-Af1BSde7
and a ‘Copy’ button. Copy the whole code INCLUDING “google-site-verification=”
Don’t close this window or tab and don’t click anything else yet either!! Just continue with step 10. - Open a new browser window or tab and log in to duckdns
- Copy your account’s Token (shown on top)
- Construct your Duckdn update URL (https://www.duckdns.org/update?domains=YOURDOMAIN&token=YOURTOKEN&txt=YOURTXTRECORD)
12.1 YOURDOMAIN= yourdomain.duckdns,org
12.2 YOURTOKEN= the token you copied from step 11 above
12.3 YOURTXTRECORD= the Google verification code you copied in step 9 above.
12.4 your constructed URL now looks something like:
https:// www.duckdns org/update?domains=yourdomain.duckdns. org&token=6eF6d&hhU-2772dhdhG3UwVf-28E28e99-8GhHtu65DeW&txt=google-site-verification=1a2B3c4-very-long-alpha-numeric-code-Af1BSde7 - Paste the newly constructed URL in your browser’s address bar and hit enter
- Duckdns should reply with a blank page with only the letters ‘OK’ on it. If so, all’s good. If it shows ‘KO’, you did something wrong and you’ll need to check the URL you constructed
- Go back to the Google tab or window in your browser and click the ‘Verify’ button you see.
- If you performed all steps correctly, you should get a congratulation telling you the ownership verification has succeeded.
- All done, congrats on solving the Dangerous flag issue on your own HA site!
I hope this helps people! Cheers.
4 Likes
THIS ONE DESERVES FAR MORE ATTENTION
cause it is an easy way if you follow the instructions really carefully.
That means especially to correct the intentionally broken links by removing spaces and replacing ‘,’ with ‘.’ which I have done here for all those that wanna follow the instructions to save times
STEP 1
https://search.google.com/search-console/welcome?pli=1
STEP 3
https://yourdomain.duckdns.org:8123
STEP 12
https://www.duckdns.org/update?domains=YOURDOMAIN&token=YOURTOKEN&txt=YOURTXTRECORD
BE AWARE that in STEP 12
YOURDOMAIN means domain only without the port “:8123”
If you like to copy that from the URL mentioned in STEP 3 DO NOT COPY the leading “https://” and the port at the end “:8123”
In case you ignore that adivce you’ll get a “KO” message mentioned in STEP 14.
Very good step by step solution
how to get rid of this annoying message which is a nightmare for all the end users in our family’s that are not it geeks. My father was totally shocked when it appeared for the first time and google was warning him how dangerous his home assistant must be.
Hats off, well done !
I did all ot those steps, but when I load into the google property I see this message
2 issues detected
Google has detected harmful content on some of your site’s pages. We recommend that you remove it as soon as possible. Until then, browsers such as Google Chrome will display a warning when users visit or download certain files from your site.
Deceptive pages
These pages attempt to trick users into doing something dangerous, such as installing unwanted software or revealing personal information
Possible Phishing Detected on User Login
The browser will show pop-up warnings when users enter saved login credentials into some pages on your site.