I have tried to find anything about the current and correct configuration of using SSL with HA. Unfortunately, all the posts I can find are at least a year old, which is a very long time in the current environment, and I found nothing that described my error. I am getting a “Challenge is invalid” error in the DuckDNS add-on log. (Shown below.)
I am running HA from the image on an SD card on a Pi.
I am lost about where I could have entered something incorrectly. I read “Can't get duckdns to work”, but I don’t see anywhere where I have the “https” entered except in the base url, and none of the solutions there seemed to help.
According to https://www.duckdns.org/spec.jsp, returning the KO response means DuckDNS didn’t update (although the IP address is updating). I have verified that the token is correct (although obfuscated below). I don’t know what “Account is already registered!” means and if that’s a good thing or an error.
Any suggestions on where to look next?
- bph
This is [part of] what I attempted in configuration.yaml, but HA calls it invalid until the certs exist. So I removed the http section.
```yaml
http:
  base_url: https://ha.hynes.ca:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
```
This is the DuckDNS configuration.
```yaml
lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: fbd4dd22-xxxx-xxxx-xxxx-xxxxxxxxxxxx
domains:
  - byronetta.duckdns.org
  - ha.hynes.ca
aliases:
  - domain: ha.hynes.ca
    alias: byronetta.duckdns.org
seconds: 300
```
This is the DuckDNS log:
```
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[00:19:57] INFO: KO
# INFO: Using main config file /data/workdir/config
Processing byronetta.duckdns.org with alternative names: ha.hynes.ca
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 2 authorizations URLs from the CA
 + Handling authorization for byronetta.duckdns.org
 + Handling authorization for ha.hynes.ca
 + 2 pending challenge(s)
 + Deploying challenge tokens...
OKOK + Responding to challenge for byronetta.duckdns.org authorization...
 + Cleaning challenge tokens...
OKOK + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"VVc7_OtGO-38X1_Zn2VOdZDSnUXkb_FMnlOgeaFvVvY\" found at _acme-challenge.byronetta.duckdns.org",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5270070980/Md6giQ",
  "token": "K6RQU-w3yZPFsB0HBgGFphOqkA1eGOjL88Q6a-PYAGI"
})
[00:25:32] INFO: KO
[00:30:33] INFO: KO
[00:35:33] INFO: KO
[00:40:34] INFO: KO
[00:45:35] INFO: KO
[00:50:35] INFO: KO
[00:55:36] INFO: KO
```
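The check behind the `dns-01` error in the log above, reproduced offline as an added example (not part of the original post and not the add-on's code). It computes the TXT value the CA expects for each authorization in an order (RFC 8555 section 8.4, RFC 7638) and reports which challenge, if any, an observed TXT value belongs to. The account JWK and the second token are constructed placeholders, and `match_observed` is a hypothetical helper name.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Unpadded base64url, as used throughout ACME (RFC 8555)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required JWK members, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """RFC 8555 section 8.4: TXT = base64url(SHA-256(token + "." + thumbprint))."""
    return b64url(hashlib.sha256(f"{token}.{thumbprint}".encode("ascii")).digest())


def match_observed(observed_txt: str, tokens: dict, thumbprint: str):
    """Return the domain whose challenge produced observed_txt, or None."""
    for domain, token in tokens.items():
        if dns01_txt_value(token, thumbprint) == observed_txt:
            return domain
    return None


# Constructed placeholder account key: substitute the public JWK of your own
# ACME account key. It is NOT the key behind the log above.
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
THUMBPRINT = jwk_thumbprint(ACCOUNT_JWK)

# First token is the one in the error above; the second is constructed.
TOKENS = {
    "byronetta.duckdns.org": "K6RQU-w3yZPFsB0HBgGFphOqkA1eGOjL88Q6a-PYAGI",
    "ha.hynes.ca": "constructed-token-for-second-authorization",
}

if __name__ == "__main__":
    for domain, token in TOKENS.items():
        print(domain, "->", dns01_txt_value(token, THUMBPRINT))
    # Value the CA reported finding, copied from the error detail above.
    seen = "VVc7_OtGO-38X1_Zn2VOdZDSnUXkb_FMnlOgeaFvVvY"
    print("observed value belongs to:", match_observed(seen, TOKENS, THUMBPRINT))
```

Each authorization in an order has its own token, so the two names yield two different TXT values; with the real account key in place of the placeholder, the helper shows whether the value the CA found was written for the other name's challenge.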