@mansouryaacoubi
Last active March 25, 2024 03:12
Duck DNS DNS Settings

Guide How To use custom domain with Duck DNS: home-assistant/addons#1331 (comment)

Let us imagine the following:

You have a domain example.duckdns.org and you have the domain example.com and want to access your home assistant via home.example.com.

Short Guide

  1. Set CNAME records for your domain: *.home and home pointing to example.duckdns.org
  2. Install or Reinstall the DuckDNS Addon on your home assistant instance.
  3. Set your addon config and leave out your alias for this step
  4. Start the duckdns addon and watch the log for completion of certificate creation
  5. Now add the alias to your config
  6. Restart addon and watch the log for completion of certificate creation
  7. Add an http section to your configuration.yaml and set your alias domain as your base_url
  8. Restart your home assistant

Detailed Guide

  1. Set CNAME records for your domain
CNAME     *.home      example.duckdns.org
CNAME       home      example.duckdns.org
  2. Install or Reinstall the DuckDNS Addon on your home assistant instance.
  3. Set the following configuration in your addon configuration:
lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: take-the-token-from-your-duckdns-account
domains:
  - example.duckdns.org
aliases: []
seconds: 300
  4. Start your addon and let it create your keypairs (you can follow the process in the Logs tab)

Log output should be:

INFO: Renew certificate for domains: example.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
 + Creating chain cache directory /data/workdir/chains
Processing example.duckdns.org
 + Creating new directory /data/letsencrypt/example.duckdns.org ...
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for example.duckdns.org
 + 1 pending challenge(s)
 + Deploying challenge tokens...
OK + Responding to challenge for example.duckdns.org authorization...
 + Challenge is valid!
 + Cleaning challenge tokens...
OK + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
 + Done!
  5. Once the certificates have been created, change your addon configuration to the following:
lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: take-the-token-from-your-duckdns-account
domains:
  - example.duckdns.org
aliases:
  - domain: home.example.com
    alias: example.duckdns.org
seconds: 300
  6. Restart your addon and follow the process in the Log tab

Log output should be:

INFO: Renew certificate for domains: example.duckdns.org and aliases: 
home.example.com
# INFO: Using main config file /data/workdir/config
Processing home.example.com with alternative names: example.duckdns.org
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 2 authorizations URLs from the CA
 + Handling authorization for example.duckdns.org
 + Found valid authorization for example.duckdns.org
 + Handling authorization for home.example.com
 + 1 pending challenge(s)
 + Deploying challenge tokens...
OK + Responding to challenge for home.example.com authorization...
 + Challenge is valid!
 + Cleaning challenge tokens...
OK + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
 + Done!
  7. Add the following to your configuration.yaml file:
http:
  server_port: 8123
  base_url: home.example.com
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  8. Restart your home assistant

These steps will definitely work with everybody!

Have fun :D

P.S.: Don't forget to forward your local port 8123 to 443 in your router 👍

If you need to set TXT record for your duckdns domain:
https://www.duckdns.org/update?domains={domain}.duckdns.org&token={token}&txt={dns_txt}
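
Why step 1 includes the `*.home` record, as an added example (not part of the original gist or the add-on's code): for the DNS challenge the CA looks up a TXT record at `_acme-challenge.home.example.com` and follows CNAMEs, so that name has to end up at the DuckDNS domain. The record sets are constructed, and the function names and simplified wildcard matching are assumptions made for illustration.

```python
# Added example: which name must carry the ACME DNS-01 TXT record for an alias?
# The zones below are constructed; each maps an owner name to its CNAME target.

GUIDE = {  # the two records from step 1
    "*.home.example.com": "example.duckdns.org",
    "home.example.com": "example.duckdns.org",
}
EXPLICIT = {  # a dedicated challenge record instead of the wildcard
    "home.example.com": "example.duckdns.org",
    "_acme-challenge.home.example.com": "_acme-challenge.example.duckdns.org",
}
NO_WILDCARD = {  # only the host record: the challenge name is not delegated
    "home.example.com": "example.duckdns.org",
}


def lookup_cname(name, zone):
    """Return the CNAME target for name, or None (simplified wildcard rules)."""
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if "*." + parent in zone:
            return zone["*." + parent]
        if parent in zone:  # closest existing ancestor has no wildcard below it
            return None
    return None


def txt_owner(domain, zone, max_hops=8):
    """Follow CNAMEs from _acme-challenge.<domain>; return the final name."""
    name = "_acme-challenge." + domain.lower().rstrip(".")
    seen = set()
    while (target := lookup_cname(name, zone)) is not None:
        if name in seen or len(seen) >= max_hops:
            raise ValueError("CNAME loop or chain too long at " + name)
        seen.add(name)
        name = target
    return name


def delegated_to_duckdns(domain, duckdns_domain, zone):
    """True when the challenge TXT lookup ends at or below the DuckDNS name."""
    owner = txt_owner(domain, zone)
    return owner == duckdns_domain or owner.endswith("." + duckdns_domain)
```

With only the `home` record, the lookup stays at `_acme-challenge.home.example.com` in your own zone, where the add-on cannot publish the challenge value.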

@ahue

ahue commented Aug 1, 2021

Thanks for the guide! It does not work for me though. I stumbled upon the last lines

If you need to set TXT record for your duckdns domain:
https://www.duckdns.org/update?domains={domain}.duckdns.org&token={token}&txt={dns_txt}

Can you elaborate on that? Why would I do it and which problem may it solve? Maybe that's the missing piece to solve my problem.

Thanks a lot!

@lucaam

lucaam commented Jan 20, 2022

Many thanks, worked like a charm!

@ChrisWeissmann

Even if @ahue's question is very old, maybe it will help out someone in the future :)
I ran into an issue that txt acme challenge failed. I then crafted with the placeholders filled out the domain cited. The dns_txt part looked for me like: _acme-challenge.home.example.com. I got a 200 OK in return, then restarted the add on and it passed the challenge.

@MijnHanden

I solved this problem adding a record in my DNS of my provider.
CNAME:
_acme-challenge.home.example.com (where I had to put _acme-challenge.home as you are on example.com anyways)
pointing to
_acme-challenge.example.duckdns.org

I found that here:
https://community.home-assistant.io/t/letsencrypt-in-duckdns-fails-with-incorrect-txt/205150/16

@GabrielGil

Opening the port 443 in the router is definitely not needed, @mansouryaacoubi. A secure connection can be established in the port where you expose Home Assistant.

@IanK6449

I know I'm being really stupid here but where do I add a CNAME? I am running Home Assistant and using the DuckDNS addon to remotely access my instance and have been for years now. But, I am trying to use the new Tesla integration and it requires end to end encryption and a HTTP Proxy server with the right certs. I am pretty sure I need to setup an alias in DuckDNS to do this but it keeps failing the cert challenge so my cert is invalid for the HTTP Proxy. I keep reading that I need to add a CNAME somewhere but nobody seems to say where to add it? Will this be a local thing or would I need to do it in DuckDNS somewhere? I can't see any option to do it in DuckDNS hence I am quite stuck.
Any and all advice welcomed.

@GabrielGil

@IanK6449, you only need to add a CNAME if you use your own domain, which seems you are not. In case you only use DuckDNS, you only need the subdomain they provide.

In case you have your own domain, you need to go to the control page of the company where you bought the domain, and add there a CNAME to the DuckDNS subdomain and the _acme-challenge.

Good luck!

@IanK6449

IanK6449 commented Mar 25, 2024 via email
