Changed alias but no new certificate (How to force recreating the Let's Encrypt Certificate)?

Open kankadev opened this issue 1 year ago • 5 comments

Describe the issue you are experiencing

Actually, I am in the process of solving a problem with the HA app. I wanted to make my HA available via a second domain.

I have a DuckDNS domain (example.duckdns.org) and now also a real subdomain (ha.example.org).

I created a CNAME record from ha.example.org to example.duckdns.org. This also works.

I added the alias in the DuckDNS addon. However, no new certificate is created. This process is skipped because my current certificate is only three days old.

My addon config: [screenshot: 2022-08-01 02_07_25-Home Assistant]

How can I force the addon to recreate the certificate with the new CNAME?

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

Which add-on are you reporting an issue with?

Duck DNS

What is the version of the add-on?

1.15.0

Steps to reproduce the issue

  1. Create CNAME for subdomain
  2. Add this new "real" subdomain into the DuckDNS config
  3. Save, Reboot
  4. No new certificate ...

Anything in the Supervisor logs that might be useful for us?

No response

Anything in the add-on logs that might be useful for us?

178.243.165.194
NOCHANGE
[02:13:53] INFO: Renew certificate for domains: example.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
Processing example.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Oct 27 21:31:07 2022 GMT (Longer than 30 days). Skipping renew!

You see, empty aliases?

Additional information

No response

kankadev avatar Jul 31 '22 23:07 kankadev

Looks like a bug, will check it out. In the meantime I think a simple workaround would be just to rename/delete /ssl/fullchain.pem and /ssl/privkey.pem. Then it won't be able to find existing certs on startup and will request new ones.

mdegat01 avatar Aug 04 '22 16:08 mdegat01
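
To confirm whether the certificate stored at /ssl/fullchain.pem (the path named in the workaround above) really covers a newly added alias, its subjectAltName entries can be compared with the names you expect. This is an added example, not code from the thread or from the add-on; the function names are hypothetical, and it assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the add-on): report which expected hostnames are
# absent from a certificate's subjectAltName. Function names are hypothetical.
# Requires OpenSSL 1.1.1+ for `x509 -ext` and `req -addext`.

# cert_sans FILE: print the leaf certificate's DNS SAN entries, one per line.
# For a chain file such as fullchain.pem, openssl reads the first (leaf) cert.
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^ *DNS:\([^ ]*\).*/\1/p'
}

# missing_names FILE NAME...: print each NAME with no exact SAN match.
# Returns 0 if all are covered, 1 if any is missing, 2 if FILE is unreadable.
# Wildcard SANs are not expanded; only exact matches count.
missing_names() {
    cert=$1; shift
    [ -r "$cert" ] || return 2
    sans=$(cert_sans "$cert")
    rc=0
    for name in "$@"; do
        if ! printf '%s\n' "$sans" | grep -qxF -- "$name"; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return "$rc"
}

# make_demo_cert FILE NAME...: constructed self-signed certificate for trying
# the check offline; it stands in for /ssl/fullchain.pem and is not trusted.
make_demo_cert() {
    out=$1; shift
    san=$(printf 'DNS:%s,' "$@"); san=${san%,}
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -addext "subjectAltName=$san" \
        -keyout "$out.key" -out "$out" 2>/dev/null
    rm -f "$out.key"
}
```

On the Home Assistant host, `missing_names /ssl/fullchain.pem example.duckdns.org ha.example.org` prints every name the stored certificate does not cover and returns non-zero if any is missing.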

I deleted both files, then restarted the addon.

Log:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[13:09:53] INFO: OK
176.237.181.32
NOCHANGE
[13:09:53] INFO: Renew certificate for domains: example.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
Processing example.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Oct 27 21:31:07 2022 GMT (Longer than 30 days). Skipping renew!

As you can see the alias is empty and the ssl dir is empty, too.

Edit: I deleted the aliases. I don't need them at the moment. But renewing the cert is still not possible.

kankadev avatar Aug 06 '22 10:08 kankadev

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Sep 05 '22 12:09 github-actions[bot]

Still relevant.

kankadev avatar Sep 05 '22 12:09 kankadev

I'm running into a similar issue where uninstalling and reinstalling the add-on still doesn't renew my certificate, even though in the logs it says it has.

thebrianchen avatar Sep 06 '22 19:09 thebrianchen

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Nov 03 '22 18:11 github-actions[bot]

@mdegat01 @ludeeus can one of you take another look? Much appreciated!

thebrianchen avatar Nov 03 '22 18:11 thebrianchen

I just hit this as well. I changed my domain and now my certificates don't match and don't seem to update. I've tried restarting the service and this is what shows in the log:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[05:22:17] INFO: Renew certificate for domains:  and aliases: 
# INFO: Using main config file /data/workdir/config
ERROR: domains.txt not found and --domain not given

neilenns avatar Nov 06 '22 13:11 neilenns

I was able to force a certificate regeneration by:

  1. Renaming the old certificate files
  2. Uninstalling DuckDNS
  3. Re-installing and re-configuring DuckDNS

Note that I wasn't able to configure DuckDNS using the friendly UI. I kept getting an error saying the domains wasn't specified... but there was no UI to specify the domain. I had to do the YAML edit instead.

neilenns avatar Nov 06 '22 13:11 neilenns

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Dec 06 '22 14:12 github-actions[bot]

Still a problem.

KF5JWC avatar Dec 27 '22 06:12 KF5JWC

This is still an issue

peter1rhodes avatar Apr 03 '23 10:04 peter1rhodes

Got the problem today, too... Not sure how to fix it.

Acanis87 avatar Apr 10 '24 12:04 Acanis87