Decided to stop using Duckdns due to some recent issues with Google Assistant that a lot of people on Home Assistant seemed to be having. Personally, not convinced it was duckdns - I think it was a Google Assistant issue.
Anyway, I had a ‘spare’ domain lying around and I decided I’d try and set that up to point to my home Home Assistant server.
Never done this before and not 100% sure what the hell I am doing with this TBH as I’ve never hosted a domain on a home server before and I could have screwed something up.
Anyway, at Namecheap, I configured the A and AAAA records for my domain and also added a CNAME record… Looks like this:
On my router I also had to add the new domain to a DNS rebind protection list. I also only use IPv6 for this domain - I only have the port opened on my router for IPv6 and that is opened to the server. This also works fine with duckdns… I have never updated the IPv4 address at duckdns. It is port 443 that is opened. I also got the namecheap api key.
So I have a bunch of sub-domains in my caddyfile.
Anyway, yesterday, I downloaded a caddy with the namecheap and duckdns plugins in it and I configured my caddy settings with the environment variables and added the new domains and subdomains to my caddyfile.
Started the caddy addon in home assistant and it seems happy.
But for each and every domain, I get a string of these:
2019/09/13 09:36:39 [INFO] [sub.domain.com] acme: Waiting for DNS record propagation. 2019/09/13 09:36:54 [INFO] [sub.domain.com] acme: Waiting for DNS record propagation. 2019/09/13 09:37:09 [INFO] [sub.domain.com] acme: Waiting for DNS record propagation. 2019/09/13 09:37:25 [INFO] [sub.domain.com] acme: Waiting for DNS record propagation.
Goes on for 15 minutes or longer then I’ll see this:
2019/09/13 09:16:33 [INFO] nonce error retry: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/chall-v3/314207628/-j8WAg :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: "0001vmrGMAM85RhhduqkKZiO7RctKatXzovN6Yl8-cec_8k", url:
and then the certificate is issued and it moves on to the next one…
The duckdns ones seem to scream right through thougy taking seconds.
Am I doing something wrong here? Do I need to change my DNS records?