Problems with duckdns and letsencrypt

d3rax · September 15, 2018, 5:57pm

Hello everybody,

So I know this is not the first topic on duckdns and lets encrypt, but the existing topics are not working out for me.

I had a secure remote access up and running on hassbian. I used this very good and clear guide: https://www.home-assistant.io/docs/ecosystem/certificates/lets_encrypt. But after 8 days it suddenly stopped working. I could not reach my home assistant anymore, it gave the error that there could not be made a secure connection to the server. I tried to renew my lets encrypt certificate, but it had not expired and the new certificated did not change anything.

I was not able to resolve the problem, so a bit frustraded I decided to setup Hass.io. I installed the image and did a migration of my old hassbian setup. After I tested that everything was working a installed and setup the duckdns add-on (also added the lines under http: in the config file).

After starting the add-on I get the following errors in the log (i xxx’ed a few lines which I believe contain some private information):

# INFO: Using main config file /data/workdir/config
+ Account already registered!
Sat Sep 15 19:35:12 CEST 2018: OK
XXXXXXX
NOCHANGE
# INFO: Using main config file /data/workdir/config
Processing XXXX
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
  + ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/new-order (Status 400)
Details:
HTTP/1.1 100 Continue
Expires: Sat, 15 Sep 2018 17:35:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 149
Boulder-Requester: XXXXX
Replay-Nonce: XXXXXXX
Expires: Sat, 15 Sep 2018 17:35:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 15 Sep 2018 17:35:40 GMT
Connection: close

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Error creating new order :: DNS name does not have enough labels",
  "status": 400
}

So it looks like its not possible to make a certificate, but I don’t understand why? I have no idea how to troubleshoot this. Really hope someone can help me out!

Best regards,

Xander

d3rax · September 15, 2018, 6:19pm

just some extra information; I can acces my home assistant remotely through http://mydomain.duckdns.org:8123. When I add a s (https://) I does not work so the problem is the certificate i would say.

piet1 · September 17, 2018, 9:45am

You cannot use letsencrypt with duckdns, i assume you are trying both plugins?

Klagio · September 17, 2018, 10:16am

I haven’t red all your post, just sharing my experience with duckdns: since few months is NOT updating my dynamic IP.
Check if duckdns.org is updating your IP (you have dynamic IP I suppose).

I stopped using duckdns service and using the service from asus

d3rax · September 17, 2018, 8:10pm

Okey, I figured out what the problem was. Turned out I miss understood the install options of the duckdns add-on. I only filled in the ‘mydomainname’ part of the duckdns.org adress. Thats why I got the error that the DNS was missing labels (the missing labels where ‘duckdns’ and ‘org’).

After filling in the full mydomainname.duckdns.org adress the certificate was created.

I’m now able to external en internal access home assistant through https, through https://mydomainname.duckdns.org:8123.

Now I want to access it through https://mydomainnaime.duckdns.org (without :8123). Because other wise my google tts does not work.

Problem is I’m only able to forward port 8123 on my router. Forwarding port 80, port 443 and port 443 to 8123 don’t seem to work. Is there a way to fix this without forwarding port 443 to 8123?