-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Duck DNS addon do not renew certificate #2505
Comments
I have the same problem with the 1.15.0 version. |
This appears to be an ongoing issue. Workaround is to remove alias, restart plugin to generate certificate, and then re-add alias. see: #1331 (comment) |
When removing aliases, don't just remove it try adding Can you share your config where you are trying to set the aliases though? You did follow all the directions here right? Namely add a CNAME record to the domain you own or a subdomain of it to the duckdns domain you're using. And another CNAME record for the |
Can confirm that this is still an issue in 1.15.0.. Had to remove the alias, leaving an empty array ([]) and renew, then put the alias config back in. Both CNAME records are in place.
|
I have this issue also |
I can confirm that this is still ongoing. |
Confirming that this remains an issue with DuckDNS 1.15.0 It's to the point now where I'm unable to use my OWN domain and am just using the DuckDNS domain to access my site. I'm at a loss as to why this issue with the alias domain remains a problem after having been around and so thoroughly documented for SO LONG. |
Fixes home-assistant#2505. This includes a bit of logic already performed by dehydrated, however we need it to ensure we don't unnecessarily cause certificates to be reissued everytime we check.
The issue here is This causes a problem with DuckDNS as it only has a single TXT record which will always be overwritten by the challenge for the last domain in the list. You can see this sequence in the (slightly modified and annotated) output:
The behaviour is detailed in The workaround detailed here is effectively doing what is detailed in this comment. PR to fix this coming in a mo. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
not stale - PR waiting to be merged. which, it'd be awesome if it was |
Mentioned fix on Home Assistant community issue: |
The relates PR seems to have been aproved one month algo. But still PR is open and not merged. What can be done to make that happen, or what's the next step? Many thanks! |
Another confirmation that this rigmarole still occurs in 1.15.0 |
Why on earth is the fix not being merged (#2662 )!? |
Can confirm again that have to go through ridiculous dance every 90 days to renew my certificates, can we PLEASE merge the fix?! (#2662 )!? |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Definitely not stale and still an issue in 1.15.0. Certificate is failing every 3 months like clockwork because the dns-01 challenges don't work correctly with aliases on the duckdns add-on for home assistant. Please merge the fix. |
Maybe not enough people have mentioned that there is a fix that just needs to be merged?
Please merge the fix.
|
This is still the same version 1.15.0 and this same issue active. So I use manual workaround every 3 months: modify part of old options yaml:
restart to obtain certificate for duckdns domain. then after revert back to original:
then restart to get proper cert. |
Thank you @hkusulja for the workaround. I already forgot what I did to fix this 3 months ago. |
Had the exact same issue and documented the complete setup and procedure at HA Community - Also mind the note in there to easily shift to a more modern and stable approach with more capabilities, being NGINX Proxy Manager. |
Hi My current yaml configuration is quite different .. duckdns: http: What should I change to obtain the same result (renew the certificate after 3 month)?? Thanks |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Can anyone confirm that this is now working as expected? If this hasn’t changed, the ticket needs to be open. |
In my case the missing renew was due to a wrong configuration.. |
There hasn't been a version change yet so even any potential fixes would not have been merged in. Given that, it must still be a problem. The issue only occurs every 3 months when the certs expire and DuckDNS attempts to renew them. |
Please mind that the expected change that was discussed in the PR by developers was basically to officially drop support for multiples alias, or alias all together, so if your solution works through that it's better to start looking for a solution in some other way... |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
The issue is still the same, it should be fixed by someone. |
In my case, it just expired today and it was automatically renewed.. I can now read again "expire in 3 month" |
What have you changed in your setup? mine failed again (sigh) just last night. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Not stale. Addon is abandoned. |
For those having problems with auto-renewal when using a custom alias, and having to do the manual workaround, I tihnk I found another hacky way to do it... see #1331 (comment) |
I would really advise abandoning this add-on, see https://community.home-assistant.io/t/letsencrypt-in-duckdns-fails-with-incorrect-txt/205150/25?u=thomas_geens |
Describe the issue you are experiencing
Every time when this plugin may renew certificate it fails! So every three months i have to try play with this plugin = it is completelly unusable i can do it manually.
I have getting this: Incorrect TXT record
What type of installation are you running?
Home Assistant Supervised
Which operating system are you running on?
Home Assistant Operating System
Which add-on are you reporting an issue with?
Duck DNS
What is the version of the add-on?
1.14.0
Steps to reproduce the issue
Setup plugin with alias -> worked, get certificate
When renewal period occurs renewal failed
Anything in the Supervisor logs that might be useful for us?
No response
Anything in the add-on logs that might be useful for us?
Additional information
I have tried remove aliasses completelly but i cant save configuration because error
Failed to save add-on configuration, Invalid list for option 'aliases' in Duck DNS (core_duckdns). Got {'domains': ['pnrqvy-ha.duckdns.org'], 'token': '0c79e13c-ecaa-478d-8da9-106e3cbb3239', 'aliases': {}, 'lets_encrypt': {'accept_terms': True, 'algo': 'secp384r1', 'certfile': 'fullchain2.pem', 'keyfile': 'privkey2.pem'}, 'seconds': 300}
I have tried uninstall plugin and configure it from scratch. No success.
The text was updated successfully, but these errors were encountered: