Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

letsencrypt: support DuckDNS DNS challenge #3152

Merged
merged 7 commits into from
Nov 24, 2023
Merged

letsencrypt: support DuckDNS DNS challenge #3152

merged 7 commits into from
Nov 24, 2023

Conversation

iranl
Copy link
Contributor

@iranl iranl commented Jul 27, 2023

Adds DuckDNS DNS challenge support.

CNAME for custom domain "test.example.com" with DuckDNS domain "abc.duckdns.org" should be set up as follows:

_acme-challenge.test.example.com. 600 IN CNAME abc.duckdns.org.

Note: Alias / custom domain support for obtaining a Let's Encrypt certificate in the DuckDNS addon is broken (#2505) and devs have proposed to remove support for aliases altogether (#2662 #2964).

Proposed solution was to use the DuckDNS addon for keeping a dynamic IP up to date only and configure the Let's Encrypt addon to obtain a certificate (through a HTTP challenge or third party DNS provider that is supported by the Let's Encrypt addon).

This PR allows for DuckDNS DNS challenges including for custom domains and as such no ports need to be opened to allow a HTTP challenge and no secondary DNS provider is needed to complete the DNS challenge for custom domains.

@home-assistant
Copy link

Hi @iranl

It seems you haven't yet signed a CLA. Please do so here.

Once you do that we will be able to review and accept this pull request.

Thanks!

@joedj joedj mentioned this pull request Sep 16, 2023
Closed
@github-actions github-actions bot added the stale label Nov 20, 2023
agners
agners reviewed Nov 22, 2023
View reviewed changes
letsencrypt/build.yaml Outdated Show resolved Hide resolved
@github-actions github-actions bot removed the stale label Nov 22, 2023
@iranl
Copy link
Contributor Author

iranl commented Nov 22, 2023

Tnx for reviewing @agners.

Build on armhf and armv7 seems to fail on building cryptography from source.
A binary wheel is available and being used on all other platforms.

The information on https://cryptography.io/en/latest/installation/#alpine suggests that

The Rust available by default in Alpine < 3.17 is older than the minimum supported version.

Merging #3325 with its update to Alpine 3.18 could solve this issue?

@agners
Copy link
Member

agners commented Nov 22, 2023

Merging #3325 with its update to Alpine 3.18 could solve this issue?

Yeah it should. #3325 builds fine it seems. So best is to rebase this once #3325 got merged.

@agners agners marked this pull request as draft November 24, 2023 12:11
@agners
Copy link
Member

agners commented Nov 24, 2023

Ok, #3325 is merged now, conflicts need to be resolved now and version in confiig/CHANGELOG adjusted.

@iranl iranl marked this pull request as ready for review November 24, 2023 12:29
agners
agners approved these changes Nov 24, 2023
View reviewed changes
Copy link
Member

@agners agners left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small nit, but other than that LGTM.

letsencrypt/config.yaml Outdated Show resolved Hide resolved
@agners agners merged commit dbb7acf into home-assistant:master Nov 24, 2023
@iranl iranl deleted the duckdns branch November 24, 2023 16:17
This was referenced Nov 24, 2023
Merged
Closed
@iranl iranl mentioned this pull request Nov 26, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@agners agners agners approved these changes

Assignees
No one assigned
Labels
add-on: letsencrypt cla-signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@iranl @agners