-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DuckDNS: Remove support for DNS aliases #2964
DuckDNS: Remove support for DNS aliases #2964
Conversation
Please keep support for aliases. My setup relies heavily on the device being in my own domain. |
@richardwonka Perfect!!! You should be able to use the Let's Encrypt addon without any problems. You've already got a CNAME record for your own domain pointing to your If your DNS provider is on the supported list, it's really easy, and you can use the |
If domain alias support is going to be removed from DuckDNS, is there a guide/documentation on how to use DuckDNS alongside Let's Encrypt to set up multiple subdomains which all point to the same duckdns domain @lildude ? |
There is now 😁 I've just added a section to this addon's docs in this PR. |
BUT I cannot configure the addon to point to my own domain name. the addon complains that domain names need to match Once that discrepancy is fixed, this would work for me, but it seems that aliases are not such an odd use case to just drop them. |
That's expected and it won't and shouldn't change. All the alias function does is add the custom domain to the certificate. This is now handled by the Let's Encrypt addon. In short:
Please try following the details I'm adding to this PR (see rendered here) and let me know how it goes. |
TL;DR: You might be able to automate listening to port 80 from home assistant (and the computer it's running on) itself, but as soon as you have other firewalls and security gateways in front of your home assistant instance this becomes a mess Just wanted to let you know this sounds like a nightmare :) I'm one of those people who use duckdns with my own domain which don't use one of the around 20 supported dns providers in the let's encrypt add-on. Currently I need to go into my duckdns configuration every 3 months, change the alias configuration, restart it, change it back and everything works. Elegant? no, but it's what I need to do. However, if you remove this some people are going to be really sad since the let's encrypt add-on it not really an option. The entire reason for using DNS is not to expose a webserver on 80 to the internet in the first place. As I can see it this leaves me with the following choices:
I think I'm going with the last option, but I don't like it :) I have not tried to understand the fundamental problem you are fighting with in the duckDNS add-on, but it feels like the problem should be fixed there. Good luck :) |
I still hope that someone will find a way to support aliases with autossl and duckdns go in home assistant. |
Other than having to automate something for which an automated process already exists (in the months-old pull request the duckdns add-on) and which has no practical downsides.
Opening port 80 and requiring manual interaction instead of merging an existing automated solution is far from perfect. Neither of the available solutions may be perfect, but each of them works for some users and both make sense to be available. |
OK, I see this, however, How do I configure the LetsEncrypt addon if i want a certificate that's valid for BOTH mydomain.duckdns.org and Mydomain.com? If i'm specifying a DNS supplier, that will provide details for my domain, but won't have any details for the duckdns domain I'm probably confused, but all I want is a cert with the 2 domains as a SAN, i don't really care whether it comes from the duckdns add on or the LetsEncrypt add-on. I've tried reading the docs, but either i'm not understanding them properly or they don't cover this |
I've shared an idea in #2662 how it potentially can be fixed. Unfortunately I don't know enough about project structure to fully test it - but probably someone here would like to take a look and give alias one more chance before deleting them. |
Automatically renewing Let's Encrypt certificates with the DuckDNS addon when aliases are configured has been broken for quite some time with #2505 being the most recently opened issue.
As I've detailed in the issue #2505 (comment):
I attempted to fix this in #2662 but this wasn't optimal and it was decided the big mistake was in adding support for aliases in the first place and as such the best fix would be to remove support for aliases. See @mdegat01's comment at #2662 (comment)
This PR does just that. I've also added a section to the docs detailing how to use the Let's Encrypt addon to obtain certificates for DNS aliases.
I've also updated the docs and reordered the options to match the configuration.
Fixes #2505
/cc @mdegat01