Second Domain Issue with DuckDNS and Let's Encrypt Add-On

I’m having some issues getting a new domain to work with Let's Encrypt. I’ve added my new domain to the DuckDNS config, but when it runs it is unable to verify the new domain. It looks like it’s generating a new token for me to use to validate… but it doesn’t give me a chance to add it as a TXT record before checking. I have gone and added the token, but I think at that point it’s too late. Has anyone had any luck getting this to work?

CONFIG

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "<DUCKDNS TOKEN>",
  "domains": [
    "mydomain.duckdns.org",
    "sd.newdomain.com"
  ],
  "seconds": 300
}

LOG

# INFO: Using main config file /data/workdir/config
+ Account already registered!
Sat Nov 10 00:47:24 CST 2018: KO
# INFO: Using main config file /data/workdir/config
Processing mydomain.duckdns.org with alternative names: sd.newdomain.com
 + Checking domain name(s) of existing cert... changed!
 + Domain name(s) are not matching!
 + Names in old certificate: mydomain.duckdns.org
 + Configured names: mydomain.duckdns.org sd.newdomain.com
 + Forcing renew.
 + Checking expire date of existing cert...
 + Valid till Jan 19 17:20:00 2019 GMT (Longer than 30 days). Ignoring because renew was forced!
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 2 authorizations URLs from the CA
 + Handling authorization for mydomain.duckdns.org
 + Found valid authorization for mydomain.duckdns.org
 + Handling authorization for sd.newdomain.com
 + 1 pending challenge(s)
 + Deploying challenge tokens...
KO + Responding to challenge for sd.newdomain.com authorization...
 + Cleaning challenge tokens...
KO + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"<PREVIOUS TOKEN>\" found at _acme-challenge.sd.newdomain.com",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/<RANDOM>/<RANDOM>",
  "token": "<NEW TOKEN>"
})

I’m also looking into this but it seems to be an unsolved issue. See https://github.com/home-assistant/hassio-addons/issues/336

This is for sub-sub-domains; however, I think the same applies.
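For the dns-01 failure in the log above, it helps to know what the CA actually looks for: the TXT record at `_acme-challenge.<name>` must hold base64url(SHA-256(token "." account-key-thumbprint)), derived from the challenge token and the ACME account key, not the raw token, and a value left over from an earlier run is reported exactly as "Incorrect TXT record ... found". The following is an added example (not code from the add-on, dehydrated, or the poster) that computes that expected value from a constructed token and a constructed account JWK and classifies what is published as ok, missing or stale; the sample token and key are placeholders.

```python
import base64
import hashlib
import json
from typing import List

# Constructed sample values for this example only; not a real ACME token or account key.
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "WGT0DuBBwOVGj_bU5CKTtl4W3-4RRHvyS4mE_Mq6UtQ",
              "y": "o7rFkaqEQlaLzU5tRHUGr3Rxs7aXSAo15zUNUQ-H1sE"}

def b64url(data: bytes) -> str:
    """base64url without '=' padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over canonical JSON of the required members only
    (extra members such as 'kid' or 'alg' are deliberately ignored)."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def dns01_txt_value(token: str, jwk: dict) -> str:
    """Value the CA expects in the _acme-challenge TXT record (RFC 8555 dns-01):
    base64url(SHA-256(token '.' thumbprint)). Publishing the bare token never validates."""
    key_authorization = f"{token}.{jwk_thumbprint(jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("utf-8")).digest())

def diagnose(expected: str, observed: List[str]) -> str:
    """Classify what the CA would see for a name: 'ok' if the expected value is published,
    'missing' if no TXT record exists, 'stale' if only other values (e.g. a previous token) remain."""
    if expected in observed:
        return "ok"
    return "missing" if not observed else "stale"

if __name__ == "__main__":
    expected = dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK)
    print("publish at _acme-challenge.sd.example.com:", expected)
    # A record left behind by the previous run is exactly the 'stale' case from the log.
    print(diagnose(expected, ["value-from-previous-run"]))
```

A hook that polls the authoritative nameservers until `diagnose(...)` returns "ok" before letting the client proceed avoids the race the poster describes.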

Hi!

As user Liad pointed out on GitHub issue 336, the workaround for subdomains is

"domains": [
  "*.xxx.duckdns.org xxx.duckdns.org > xxx.duckdns.org"
]

See https://github.com/dehydrated-io/dehydrated/blob/307eaadddfd49aeafda6984f11e6731329372cd5/docs/domains_txt.md

example.net www.example.net wiki.example.net > certalias

I’m not on hass.io but running several Docker instances. Wouldn’t it be possible to spin up a second Docker instance and let that handle the other domain?

Ooh wow, I entirely gave up on DuckDNS and just registered my own domain, but this seems like a valid idea.