Let's Encrypt - DNS challenge with DuckDNS doesn't work #3536

Closed
dafo90 opened this issue Apr 1, 2024 · 3 comments

dafo90 commented Apr 1, 2024

Describe the issue you are experiencing

The DNS challenge with DuckDNS doesn't work without the option --dns-duckdns-no-txt-restore.

The following script reproduces the issue by replicating the certbot command options from run.sh:

#!/bin/bash

# Requirements: certbot and certbot-dns-duckdns
# pip install certbot certbot-dns-duckdns

mkdir -p ./work
mkdir -p ./crt
mkdir -p ./logs

rm -rf ./crt/*

# Replace *** with your email
EMAIL="***"

# Replace *** with your token
echo -e "dns_duckdns_token = ***\n" > ./dnsapikey
chmod 600 ./dnsapikey

# Replace *** with your DuckDNS domain, e.g. my-hostname.duckdns.org
DOMAINS=("***")
DOMAIN_ARR=()
for line in "${DOMAINS[@]}"; do
    DOMAIN_ARR+=(-d "$line")
done

echo "DOMAIN_ARR[1]: '${DOMAIN_ARR[1]}'"
echo "DOMAIN_ARR[@]: '${DOMAIN_ARR[@]}'"

DNS_PROVIDER="dns-duckdns"
PROVIDER_ARGUMENTS=()
PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "./dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "10")

certbot certonly --non-interactive \
        --keep-until-expiring \
        --expand \
        --email "${EMAIL}" \
        --agree-tos \
        --cert-name "${DOMAIN_ARR[1]}" "${DOMAIN_ARR[@]}" \
        --config-dir "./crt" \
        --work-dir "./work" \
        --logs-dir "./logs" \
        --preferred-challenges "dns" \
        "${PROVIDER_ARGUMENTS[@]}" \
        --preferred-chain "ISRG Root X1" \
        --dns-duckdns-no-txt-restore # Without this option certbot cannot generate the certificate...

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

Which add-on are you reporting an issue with?

Let's Encrypt

What is the version of the add-on?

5.0.15

Steps to reproduce the issue

  1. Comment / uncomment the option --dns-duckdns-no-txt-restore
  2. Run the script

System Health information

System Information
  version: core-2024.3.3
  installation_type: Home Assistant OS
  dev: false
  hassio: true
  docker: true
  user: root
  virtualenv: false
  python_version: 3.12.2
  os_name: Linux
  os_version: 6.6.20-haos
  arch: x86_64
  timezone: Europe/Zurich
  config_dir: /config

Home Assistant Community Store
  GitHub API: ok
  GitHub Content: ok
  GitHub Web: ok
  GitHub API Calls Remaining: 5000
  Installed Version: 1.34.0
  Stage: running
  Available Repositories: 1400
  Downloaded Repositories: 5

Home Assistant Cloud
  logged_in: false
  can_reach_cert_server: ok
  can_reach_cloud_auth: ok
  can_reach_cloud: ok

Home Assistant Supervisor
  host_os: Home Assistant OS 12.1
  update_channel: stable
  supervisor_version: supervisor-2024.03.1
  agent_version: 1.6.0
  docker_version: 24.0.7
  disk_total: 228.5 GB
  disk_used: 17.6 GB
  healthy: true
  supported: true
  board: generic-x86-64
  supervisor_api: ok
  version_api: ok
  installed_addons: deCONZ (6.23.0), ESPHome (2024.3.1), Node-RED (17.0.11), Terminal & SSH (9.10.0), Studio Code Server (5.15.0), Home Assistant Google Drive Backup (0.112.1), NGINX Home Assistant SSL proxy (3.9.0), Let's Encrypt (5.0.15), File editor (5.8.0)

Dashboards
  dashboards: 1
  resources: 0
  views: 1
  mode: storage

Miele
  component_version: 2024.1.0
  reach_miele_cloud: ok

Recorder
  oldest_recorder_run: March 27, 2024 at 7:42 PM
  current_recorder_run: March 27, 2024 at 8:52 PM
  estimated_db_size: 140.52 MiB
  database_engine: sqlite
  database_version: 3.44.2

Anything in the Supervisor logs that might be useful for us?

No response

Anything in the add-on logs that might be useful for us?

No response

Additional information

No response

github-actions bot commented May 1, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label May 1, 2024
@dafo90 dafo90 closed this as completed May 3, 2024
@spencerwi

Is there a fix for this? I see it marked as "completed", but I'm still experiencing issues with TXT record verification failures.

dafo90 commented May 25, 2024

My problem was a filter rule in NextDNS, so I decided to close this issue.
