addons: Duckdns letsencrypt expired CA broke DoH
The problem
Android private DNS DoH using AdGuard Home broke; the LetsEncrypt certificate from certbot uses the expired CA (X3 expired 30 Sept 2021) chain. It's a widespread issue; however, it only seems to affect old clients and, surprisingly, the Android feature ‘private dns’ (on updated Android clients). This feature doesn't auto-recognize the certificate path solution and was not expected to break.
I've read workarounds by adjusting certbot parameters.
certbot renew --preferred-chain "ISRG Root X1" --force-renewal
The addon appears to use Dehydrated and it does have the arg ‘--preferred-chain’ as well - could we add this? https://github.com/home-assistant/addons/blob/c1bc77b9ae87f56bb6a142eabe7294499ab72ec9/duckdns/data/run.sh#L40
Edit: acme issue here https://github.com/acmesh-official/acme.sh/issues/3723#issuecomment-932143360
Environment
- Add-on with the issue: duckdns
- Add-on release with the issue: na
- Last working add-on release (if known): na
- Operating environment (OS/Supervised):
About this issue
- State: closed
- Created 3 years ago
- Reactions: 2
- Comments: 31 (2 by maintainers)
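To confirm which chain a server presents after a renewal with the preferred chain, check the issuer of the last certificate in the `openssl s_client -showcerts` output. The following is an added example, not part of the original issue or the add-on's code; the function names, hostname and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the Let's Encrypt chain a server presents.
# Live use (HOST and PORT are placeholders):
#   openssl s_client -connect HOST:PORT -showcerts </dev/null 2>/dev/null | classify_chain

classify_chain() {
    # Keep the issuer ("i:") line of the last certificate in the chain;
    # that issuer is the root the client must trust to validate the chain.
    awk '
        /^ *i:/ { last = $0 }
        END {
            if (last ~ /DST Root CA X3/)    print "long-chain-dst-x3"
            else if (last ~ /ISRG Root X1/) print "short-chain-isrg-x1"
            else                            print "unknown"
        }
    '
}

# Constructed sample: default chain, ending in the cross-sign from DST Root CA X3.
sample_long_chain() {
    cat <<'EOF'
Certificate chain
 0 s:CN = dns.example.org
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
EOF
}

# Constructed sample: chain issued with --preferred-chain "ISRG Root X1".
sample_short_chain() {
    cat <<'EOF'
Certificate chain
 0 s:CN = dns.example.org
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
EOF
}

printf 'default chain:   %s\n' "$(sample_long_chain | classify_chain)"
printf 'preferred chain: %s\n' "$(sample_short_chain | classify_chain)"
```

A result of `long-chain-dst-x3` after a forced renewal means the server is still serving the old chain file or has not been reloaded.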
I don’t know the state of Dehydrated, but could you please keep this issue open so the developers of the Duck DNS addon are aware of the issue?
#2230
Ok will close then 👍
The ZeroSSL functionality works like a charm. Thank you! Please consider making a pull request.
thanks for the issue, @SamJongenelen 😃
Could you please apply the same fix as for the Let’s Encrypt addon?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
There is a PR waiting for this. https://github.com/home-assistant/addons/pull/2210