Updating DuckDNS domain failed

Hello.
I can’t figure out what’s wrong with my setup of DuckDNS. Everything works correctly, I can log in to HA by https://mydomain.duckdns.org from outside, but from time to time I see the following warning in the logs:

Updating DuckDNS domain failed: mydomain.duckdns.org
1:15 AM components/duckdns/__init__.py (WARNING) - message first occured at 12:40 AM and shows up 7 times

My configuration.yaml:

duckdns:
  domain: !secret duckdns_domain
  access_token: !secret duckdns_token

http:
  server_host: !secret server_host 
  base_url: !secret url_http
  use_x_forwarded_for: true
  trusted_proxies: !secret trusted_proxies

secrets.yaml

server_host: 127.0.0.1
url_http: mydomain
trusted_proxies: 127.0.0.1
duckdns_domain: mydomain.duckdns.org
duckdns_token: 3e[censored]6-03g8-4e9a-b6da-7[censored]e9x

I have forwarded ports 80 and 443 on my router to RPI with HA (port 80 to port 80, port 443 to port 443).
I’m using HAProxy and below is my config:


global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        # An alternative list with additional directives can be obtained from
        #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3
        maxconn 2048
        tune.ssl.default-dh-param 2048

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend www-http
        bind *:80
        acl acme-challenge path_beg /.well-known/acme-challenge/
        redirect scheme https unless acme-challenge
        use_backend certbot if acme-challenge

frontend www-https
        log /dev/log    local0 debug
        bind *:443 ssl crt /etc/letsencrypt/live/mydomain.duckdns.org/haproxy_use.pem
        acl hass-acl hdr(host) -i mydomain.duckdns.org #useless from old setup
        use_backend hass_backend if { hdr(Host) -i mydomain.duckdns.org mydomain2.duckdns.org https://mydomain.duckdns.org }
        default_backend reject

backend hass_backend
        server hass 127.0.0.1:8123
        mode http
        option forwardfor
        http-request add-header X-Forwarded-Proto https
        http-request add-header X-Forwarded-Port 443

backend reject
        tcp-request content reject

backend certbot
        server certbot 127.0.0.1:54321

No idea why the warning that DuckDNS domain updating failed appears.

Hi Siquel,
This seems to be cropping up a lot lately.
Firstly, it seems to me at least that your setup is a bit more extensive than it needs to be.
Some of them are in conflict, e.g. you are setting an http component that points to your duckdns but later state that hassio be routed through home (127.0.0.1 etc.).
You also seem to be doing a lot with port 80. I do nothing with port 80 and can access on local lan http://192.168.0.236:8123 AND wan remotely (inside and outside my lan) on https://myfortressofsolitude.duckdns.org (note: no port specified as https defaults to 443).

Have a look at : -

You may need to clear out everything (duckdns & letsencrypt & port forwarding & especially http: config statements) and start again. DO NOT INSTALL LETSENCRYPT, what you need is included with the new installation of duckdns.
Regards
Mutt

Thank you very much for your time Mutt.
I know that port 80 can be blocked because using an SSL connection I only need 443 (by default) for https. However, I have bound port 80 in HAProxy, which is installed on the same machine as Home Assistant, and “redirect scheme https” makes the redirection to https. So if there is any http connection to HA, it’s automatically redirected to https.
This port redirection is made to leave the gate open for certbot renew by http-01 challenge, despite the fact that I’m using the dns challenge (it’s just in case :)

http component is configured according to our page: https://www.home-assistant.io/docs/ecosystem/haproxy/
I will take a look at your link this evening. Thanks again.

Sorry for the late response, I had a crazy weekend.
I looked at your link but unfortunately it didn’t help. I have also tried a few other things, like changing the HAProxy config a little or turning off PiHole, but nothing helped. From time to time I still get this warning:

Updating DuckDNS domain failed: mydomain.duckdns.org

Since all works correctly it’s not a critical issue but I’m crazy about errors/warnings and I’m trying to eliminate all messages which I don’t expect.

I have had the same problem. But I haven’t been able to find out why.

I run Home Assistant on an Ubuntu server, and installed HA with pip. Unfortunately the integration (DuckDNS) doesn’t have any other log levels than warning. So debugging isn’t possible without altering the code.

And as you write, it probably works. Instead of using this integration I wrote my own Node-RED flow doing the exact same thing as the HA integration. And the reply on the call to duckdns is “OK”.

The line you see in the log indicates that the response from duckdns isn’t “OK”.

If I find the time, I will try to alter the code to see what is happening and file a bug on Github.

You should provide subdomain instead of domain.
mydomain.duckdns.org -> mydomain

eg:

duckdns:
  domain: mydomain
  access_token: xxx
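
A stand-alone check for the two points raised above (the reply must be “OK”, and the domain value should be the bare subdomain), added here as an example; it is not code from the thread or from the Home Assistant integration. The helper names are illustrative, and because the token travels in the query string, `redact` gives a copy of the URL that can go into logs.

```python
# Added example; helper names are illustrative, not Home Assistant's own.
import urllib.parse
import urllib.request

UPDATE_URL = "https://www.duckdns.org/update"  # DuckDNS HTTP update endpoint
SUFFIX = ".duckdns.org"


def subdomain(value):
    """Reduce 'mydomain.duckdns.org' (or a pasted URL) to the bare 'mydomain'."""
    name = value.strip().lower()
    if "://" in name:
        name = name.split("://", 1)[1]
    name = name.split("/", 1)[0].rstrip(".")
    if name.endswith(SUFFIX):
        name = name[: -len(SUFFIX)]
    if not name or "." in name:
        raise ValueError(f"not a DuckDNS subdomain: {value!r}")
    return name


def build_url(domain, token, verbose=True):
    """Build the update request; with no ip parameter DuckDNS uses the caller's address."""
    query = {"domains": subdomain(domain), "token": token}
    if verbose:
        query["verbose"] = "true"
    return UPDATE_URL + "?" + urllib.parse.urlencode(query)


def redact(url):
    """Copy of the URL that is safe to log: the token value is masked."""
    parts = urllib.parse.urlsplit(url)
    pairs = urllib.parse.parse_qsl(parts.query, keep_blank_values=True)
    masked = [(k, "REDACTED" if k == "token" else v) for k, v in pairs]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(masked)))


def succeeded(body):
    """DuckDNS answers 'OK' or 'KO'; in verbose mode that is the first line."""
    lines = body.strip().splitlines()
    return bool(lines) and lines[0].strip() == "OK"


def update(domain, token, timeout=10):
    """Send one update (needs network); returns (success, raw body) for logging."""
    url = build_url(domain, token)
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        body = resp.read().decode("utf-8", "replace")
    return succeeded(body), body
```

Calling `update("mydomain.duckdns.org", token)` from a cron job or a Python shell and logging the returned body next to `redact(build_url(...))` shows what DuckDNS actually answered when the warning appears.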