Problem : Duckdns add-on / renew certificate for sub-sub-domain (hass.xxx.duckdns.org)

Hi,

(Home Assistant 0.106.5 & Duck DNS add-on 1.11)

I use Duck DNS add-on to renew my SSL certificates.
I’m able to renew my certificate with “xxx.duckdns.org” but not with “hass.xxx.duckdns.org”. I was able to do it before with the “Let’s Encrypt” add-on, so I presume that it could be possible with the Duck DNS add-on from hass.io.

From my configuration.yaml :
(yes, I access my Home Assistant using this address with a special port:
https://hass.xxx.duckdns.org:1234)

http:
  base_url: https://hass.xxx.duckdns.org:1234
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Configuration of my Duck DNS add-on :

lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: xxxxxxxxxxxxxxxxxxxxxxxxxxx
domains:
  - hass.xxx.duckdns.org
seconds: 300 

Port forwarding on my router :

external 1234   -> internal 8123  -> main redirection for Home Assistant
external 443    -> internal 8123  -> redirection for SSL generating

Error on the logs of Duck DNS add-on :

# INFO: Using main config file /data/workdir/config
+ Account already registered!
[01:42:53] INFO: KO
# INFO: Using main config file /data/workdir/config
Processing hass.xxx.duckdns.org
 + Creating new directory /data/letsencrypt/hass.xxx.duckdns.org ...
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for hass.xxx.duckdns.org
 + 1 pending challenge(s)
 + Deploying challenge tokens...
KO + Responding to challenge for hass.xxx.duckdns.org authorization...
 + Cleaning challenge tokens...
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"\" found at _acme-challenge.hass.xxx.duckdns.org",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/xxxxxx/xxxxxxx",
  "token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
})
KO + Challenge validation has failed :(
[01:48:04] INFO: KO

SSL renewal works fine if I remove “hass.” in the “domains” section of the Duck DNS add-on … but I care about my sub-sub-domain :wink:

Any idea of what I’m doing wrong ?

Thanks !

@schmurtz, did you ever get this working? I want to do the same thing and am running into the same “Incorrect TXT record” error you’re getting. I’m starting to doubt that it’s possible to do a sub-sub-domain using the add-on stuff…

I used to have it working, but I upgraded to 2024.3 this week and suddenly have problems with the companion app. In a web browser it still works.