Closed AieatAssam closed 3 years ago
I can confirm, this bug still exists in 1.15.0.
I found a hacky work-around for this issue:
xxx.duckdns.org: This is the domain that will be used for the dns-01 challenge on your DuckDNS hostname. Its A record will point to your home IP.
xxx-alias.duckdns.org: This is the domain that will be used for the dns-01 challenge on your custom alias. Its A record does not matter - you can manually set it to something like 127.0.0.1
CNAME record for accessing HomeAssistant, e.g.:
home.yourdomain.com CNAME xxx.duckdns.org
CNAME record for the ACME challenge TXT record, e.g.:
_acme-challenge.home.yourdomain.com CNAME xxx-alias.duckdns.org
domains:
  - xxx.duckdns.org
aliases:
  - domain: home.yourdomain.com
    alias: xxx.duckdns.org
  - domain: home.yourdomain.com
    alias: xxx-alias.duckdns.org
home.yourdomain.com and xxx.duckdns.org, and which will successfully auto-renew.
If you're curious why this works, it's because we are able to trick the add-on into using two independent TXT records for the two ACME challenges, rather than fighting over a single record:
a) This code only processes aliases config that has a matching entry in the domains list. That is why we need the first entry in the aliases list, it serves no other purpose.
b) This code is what actually maps your custom alias to a DuckDNS domain name, when updating the TXT record for the ACME challenge. It picks whatever the last matching entry is, so it maps home.yourdomain.com -> xxx-alias.duckdns.org, and updates that TXT record. This matches our earlier DNS configuration for _acme-challenge.home.yourdomain.com CNAME xxx-alias.duckdns.org.
Hopefully this workaround doesn't get broken until we have another viable solution.
A cleaner solution might be to clear out the TXT records in hook.sh#startup_hook, and then append to them in hook.sh#deploy_challenge rather than overwriting them. If the maintainers are interested, I could have a go at preparing a PR, but there doesn't seem to be much interest in fixing this...
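Added example, not part of the original comment and not the add-on's code: a toy Python model of points (a) and (b) above, showing why a single alias entry leaves two challenges sharing one TXT record while the two-entry workaround does not. It assumes every token is deployed before any name is validated and that each DuckDNS domain holds a single TXT value; the function names and tokens are constructed.

```python
# Added toy model; not the add-on's code. Names and tokens are constructed.
DUCK = ".duckdns.org"

def duck_zone(name):
    """DuckDNS answers like a wildcard: a.b.xxx.duckdns.org is served by xxx."""
    if not name.endswith(DUCK):
        return None
    return name[:-len(DUCK)].split(".")[-1] + DUCK

def cert_names(domains, aliases):
    """Point (a): an alias entry counts only if its alias is in `domains`."""
    names = list(domains)
    for e in aliases:
        if e["alias"] in domains and e["domain"] not in names:
            names.append(e["domain"])
    return names

def pick_alias(name, aliases):
    """Point (b): the last aliases entry matching the name wins."""
    target = name
    for e in aliases:
        if e["domain"] == name:
            target = e["alias"]
    return target

def run_challenges(domains, aliases, cnames):
    """Deploy every token, then validate every name (assumed ordering)."""
    names = cert_names(domains, aliases)
    tokens = {n: "token-for-" + n for n in names}
    txt = {}  # one TXT value per DuckDNS domain; each write overwrites
    for n in names:
        zone = duck_zone(pick_alias(n, aliases))
        if zone:
            txt[zone] = tokens[n]
    results = {}
    for n in names:
        qname = "_acme-challenge." + n
        zone = duck_zone(cnames.get(qname, qname))  # follow the CNAME if set
        results[n] = zone is not None and txt.get(zone) == tokens[n]
    return results

DOMAINS = ["xxx.duckdns.org"]
HOME = "home.yourdomain.com"
SINGLE = run_challenges(DOMAINS, [{"domain": HOME, "alias": "xxx.duckdns.org"}],
                        {"_acme-challenge." + HOME: "xxx.duckdns.org"})
WORKAROUND = run_challenges(
    DOMAINS,
    [{"domain": HOME, "alias": "xxx.duckdns.org"},
     {"domain": HOME, "alias": "xxx-alias.duckdns.org"}],
    {"_acme-challenge." + HOME: "xxx-alias.duckdns.org"})
print("single alias:", SINGLE)
print("workaround:  ", WORKAROUND)
```

In the single-alias run the token for xxx.duckdns.org is overwritten by the one for home.yourdomain.com, so only one of the two names validates; with the second alias entry each name has its own record.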
Hmm, would it be better just to update this plugin / code, or create another fork of it? Anyhow, I am not sure I understand step 4, since there is already one CNAME and there can be only one CNAME per DNS record. Also, if I need to modify the existing _acme-challenge.home.yourdomain.com, should it be under _acme-challenge.domain.duckdns.org?
I'm not going to fork it since this solution seems to work for now, and I'm not going to spend time trying to update the code without some indication from the maintainers that they would be willing to accept a patch - it seems the plan at the moment is to remove support for aliases. This is probably fine, if https://github.com/home-assistant/addons/pull/3152 gets merged (but beware too of https://github.com/home-assistant/addons/issues/2423 which was closed without a fix/doc update).
In regards to your question about Step 4, there is only one CNAME per DNS name:
home.yourdomain.com CNAME xxx.duckdns.org
_acme-challenge.home.yourdomain.com CNAME xxx-alias.duckdns.org
In regards to your other question, you can use either
_acme-challenge.home.yourdomain.com CNAME xxx-alias.duckdns.org
or
_acme-challenge.home.yourdomain.com CNAME _acme-challenge.xxx-alias.duckdns.org
or
_acme-challenge.home.yourdomain.com CNAME whatever.xxx-alias.duckdns.org
It doesn't matter, since DuckDNS domains are effectively DNS wildcards. xxx-alias.duckdns.org and *.xxx-alias.duckdns.org will all respond with the same TXT record.
OK, I have done according to your instructions, hope this helps on the current version of the DuckDNS add-on. Thank you!
How do I reopen this issue so maintainers see it as an active issue that is not resolved? (However, it is linked to an old fix, which is not it.) And just to confirm, your suggestion is for making SSL certificates work on DuckDNS when using a custom domain name, so it should be under https://github.com/home-assistant/addons/issues/2505 ?
Where do I do these steps when using duckdns??
`3. In the DNS provider for your custom domain, create your desired CNAME record for accessing HomeAssistant, e.g.: home.yourdomain.com CNAME xxx.duckdns.org`
Still broken for me as of today - removing aliases and adding them didn't work for me. However, @joedj's workaround did: https://github.com/home-assistant/addons/issues/1331#issuecomment-1722300924
Finally... I've been manually renewing it for years, but this workaround seems to work: https://github.com/home-assistant/addons/issues/1331#issuecomment-1722300924 ... not an ideal fix but this is nice, thx!
When trying the new alias option in the DuckDNS add-on, the following gets generated (redacted is a placeholder name for a real domain I use, which is personally identifiable data I have redacted):
I have added the following CNAME record to my redacted.net domain:
home >> redacted.duckdns.org
The configuration I am using is as follows: