Setting up DuckDNS & Let's Encrypt on a 2nd Pi?

I already have Home Assistant running on a RPi3 (set up with the AIO installer), and also have a spare RPi3, so thought I’d try Hass.io on it.

I created another domain at DuckDNS using the same account that I used to create a DuckDNS domain for my original Raspberry Pi (Pi 1). I installed the DuckDNS addon for Hass.io and added the new domain to the 2nd Pi (Pi 2).

I’m now trying to set up Let’s Encrypt on Hass.io on the 2nd Pi (Pi 2), but I’m having problems.

Under Hass.io > Let’s Encrypt > Options I filled in the details, adding the new DuckDNS domain name for Pi 2. But when I click on start it shows the following error under Logs:

Failed authorization procedure. [DOMAIN NAME FOR PI 2].duckdns.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested e36caa6568bcd2d6432a98d03179317f.164576f74bb218a9aaf29fe47d04a142.acme.invalid from [MY IP ADDRESS]:443. Received 2 certificate(s), first certificate had names “[DOMAIN NAME FOR PI 1].duckdns.org”
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: [DOMAIN NAME FOR PI 2].duckdns.org
   Type: unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   e36caa6568bcd2d6432a98d03179317f.164576f74bb218a9aaf29fe47d04a142.acme.invalid
   from [MY IP ADDRESS]:443. Received 2 certificate(s), first
   certificate had names “[DOMAIN NAME FOR PI 1].duckdns.org”
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.


So it looks like it’s downloading the certificate for Pi 1 instead of creating a new certificate for Pi 2.

I’m wondering if, because both the DuckDNS domains for Pi 1 and Pi 2 are pointing to the same router/IP address, it’s not possible to set up 2 different DuckDNS domains and Let’s Encrypt certificates on separate Raspberry Pis, because they just point at the IP address, not separate Pis? (So it’s not possible to do this?)

Is it because you’re port forwarding to Pi 1, not Pi 2?

I set up separate rules in my router’s settings.

Port 443 to Pi 1’s IP address
Port 80 to Pi 1’s IP address

Port 443 to Pi 2’s IP address
Port 80 to Pi 2’s IP address

But maybe it’s ‘still getting confused’?

You should set up a reverse proxy. Your router doesn’t know where to send things.

^this.

You can’t forward the same port to two internal devices. Got to go a bit more advanced and use a proxy.

Ah, right. I have no idea what a ‘reverse proxy’ is, so I’ll look into setting it up, thanks!

I’m just a little confused. My setup is an ISP modem/router combo, but I’m using Google WiFi, so I turned off WiFi on the ISP modem. Which IP address do I use for the Pi that is wirelessly connected to my Google WiFi when setting up DuckDNS, and which WAN address do I use? My Google WiFi has one, but my modem has a different one.