Guide How To use custom domain with Duck DNS: home-assistant/addons#1331 (comment)
Let us imagine the following:
You have a domain example.duckdns.org
and you have the domain example.com
and want to access your home assistant via home.example.com
.
- Set CNAME records for your domain:
*.home
andhome
pointing toexample.duckdns.org
- Install or Reinstall the DuckDNS Addon on your home assistant instance.
- Set your addon config and leave out your alias for this step
- Start the duckdns addon and watch the log for completion of certificate creation
- Now add the alias to your config
- Restart addon and watch the log for completion of certificate creation
- Add
http
section to yourconfigurations.yaml
and set your alias domain as yourbase_url
- Restart your home assistant
- Set CNAME records for your domain
CNAME *.home example.duckdns.org
CNAME home example.duckdns.org
- Install or Reinstall the DuckDNS Addon on your home assistant instance.
- Set the following configuration in your addon configuration:
lets_encrypt:
accept_terms: true
certfile: fullchain.pem
keyfile: privkey.pem
token: take-the-token-from-your-duckdns-account
domains:
- example.duckdns.org
aliases: []
seconds: 300
- Start your addon and let your addon create your keypairs (you can follow the process in the Logs tab)
Log output should be:
INFO: Renew certificate for domains: example.duckdns.org and aliases:
# INFO: Using main config file /data/workdir/config
+ Creating chain cache directory /data/workdir/chains
Processing example.duckdns.org
+ Creating new directory /data/letsencrypt/example.duckdns.org ...
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for example.duckdns.org
+ 1 pending challenge(s)
+ Deploying challenge tokens...
OK + Responding to challenge for example.duckdns.org authorization...
+ Challenge is valid!
+ Cleaning challenge tokens...
OK + Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
+ Done!
- Now after certificates has been created change your addon configuration to the following:
lets_encrypt:
accept_terms: true
certfile: fullchain.pem
keyfile: privkey.pem
token: take-the-token-from-your-duckdns-account
domains:
- example.duckdns.org
aliases:
- domain: home.example.com
alias: example.duckdns.org
seconds: 300
- Restart your addon and follow process in the Log-tab
Log output should be:
INFO: Renew certificate for domains: example.duckdns.org and aliases:
home.example.com
# INFO: Using main config file /data/workdir/config
Processing home.example.com with alternative names: example.duckdns.org
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 2 authorizations URLs from the CA
+ Handling authorization for example.duckdns.org
+ Found valid authorization for example.duckdns.org
+ Handling authorization for home.example.com
+ 1 pending challenge(s)
+ Deploying challenge tokens...
OK + Responding to challenge for home.example.com authorization...
+ Challenge is valid!
+ Cleaning challenge tokens...
OK + Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
+ Done!
- Add the following to your
configurations.yaml
file:
http:
server_port: 8123
base_url: home.example.com
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
- Restart your home assistant
These steps will definitely work with everybody!
Have fun :D
P.S.: Don't forget forwarding your local port 8123 to 443 in your router 👍
If you need to set TXT record for your duckdns domain:
https://www.duckdns.org/update?domains={domain}.duckdns.org&token={token}&txt={dns_txt}
@IanK6449, you only need to add a CNAME if you use your own domain, which seems you are not. In case you only use DuckDNS, you only need the subdomain they provide.
In case you have your own domain, you need to go do the control page of the company where you bought the domain, and add there a CNAME to the DuckDNS subdomain and the
_acme-challenge
.Good luck!