dehydrated-io / dehydrated

letsencrypt/acme client implemented as a shell-script – just add water
https://dehydrated.io
MIT License

how to start using this when you already have an account? #899

Closed ronsmits closed 1 year ago

ronsmits commented 1 year ago

I followed the instructions from https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt to set this up. I was already using duckdns.org and wanted to start using this to update the letsencrypt settings. But I get this as a result:

 INFO: Using main config file /home/pi/dehydrated/config
Unknown hook this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script
Processing not-the-realdomain.duckdns.org
Unknown hook this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for not-the-realdomain.duckdns.org
 + 1 pending challenge(s)
 + Deploying challenge tokens...
KO
 + Responding to challenge for not-the-realdomain.duckdns.org authorization...
Unknown hook invalid_challenge
 + Cleaning challenge tokens...
KO
 + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"]  "dns-01"
["status"]  "invalid"
["error","type"]    "urn:ietf:params:acme:error:unauthorized"
["error","detail"]  "Incorrect TXT record \"\" found at _acme-challenge.not-the-realdomain.duckdns.org"
["error","status"]  403
["error"]   {"type":"urn:ietf:params:acme:error:unauthorized","detail":"Incorrect TXT record \"\" found at _acme-challenge.not-the-realdomain.duckdns.org","status":403}
["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/200227921317/B4WRgg"
["token"]   "xxx"
["validated"]   "2023-02-02T11:42:50Z")

Apart from that (quite old) blog post, I could not find a more recent howto.

lukas2511 commented 1 year ago

You'll need a working hook-script for your DNS provider, and configure correct credentials, otherwise dehydrated can't set up DNS based validation. In some cases old scripts are built a bit naively with an assumption that deployment of TXT entries is instantaneous, but it actually takes some time, so sometimes adding a sleep as last part of the deploy challenge hook resolves some issues. Not sure if that's the case with DuckDNS, hook scripts are provided by the community.
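As an added illustration of the advice above (not code from dehydrated, the linked blog post, or any commenter), here is a hook skeleton that ignores unknown hooks and, instead of a fixed sleep, polls until the TXT value is actually visible before returning from `deploy_challenge`. `publish_txt` and `remove_txt` are hypothetical placeholders for your DNS provider's API; the sketch assumes `dig` is installed and that `HOOK_CHAIN` is not enabled.

```shell
#!/bin/sh
# Hypothetical placeholders: replace with calls to your DNS provider's API.
publish_txt() { echo "TODO: set TXT $1 = $2 via provider API" >&2; }
remove_txt()  { echo "TODO: clear TXT $1 via provider API" >&2; }

# TXT values currently visible in DNS, one per line, quotes stripped.
# Kept separate so it can be pointed at a specific resolver or stubbed out.
lookup_txt() { dig +short TXT "$1" | tr -d '"'; }

# usage: wait_for_txt NAME VALUE [ATTEMPTS] [DELAY_SECONDS]
# Returns 0 once VALUE is visible, 1 if it never appears.
wait_for_txt() {
  local name="$1"
  local want="$2"
  local attempts="${3:-30}"
  local delay="${4:-10}"
  local i=1
  while [ "$i" -le "$attempts" ]; do
    if lookup_txt "$name" | grep -qxF -- "$want"; then
      return 0
    fi
    [ "$i" -lt "$attempts" ] && sleep "$delay"
    i=$((i + 1))
  done
  echo "TXT record for $name never showed the expected value" >&2
  return 1
}

hook_main() {
  case "${1:-}" in
    deploy_challenge)
      # dehydrated passes: DOMAIN TOKEN_FILENAME TOKEN_VALUE
      publish_txt "_acme-challenge.$2" "$4"
      # Fail here rather than let the CA validate against an empty record.
      wait_for_txt "_acme-challenge.$2" "$4"
      ;;
    clean_challenge)
      remove_txt "_acme-challenge.$2"
      ;;
    *)
      # Unknown hooks, including dehydrated's startup probe, are ignored.
      return 0
      ;;
  esac
}

hook_main "$@"
```

A non-zero return from `deploy_challenge` surfaces the DNS problem locally, before a failed validation is recorded at the CA.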