This resolved my issue (same as your output)
use Domain Alias in the configuration
– services → acme_certificates → edit → Domain SAN list → expand →
Enable DNS domain alias mode: check the box
Enable DNS alias mode: add <yourdomain>.duckdns.org
where <yourdomain> is your DuckDNS name
Save
Renew cert
opened 09:52PM - 12 Oct 20 UTC
closed 04:50PM - 15 Oct 20 UTC
upstream
DuckDNS doesn't allow subdomains, looked through the acmesh-official hub, and could find the info in the matching script.
[https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_duckdns.sh](https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_duckdns.sh)
```
fulldomain may be 'domain.duckdns.org' (if using --domain-alias) or '_acme-challenge.domain.duckdns.org'
either way, return 'domain'. (**duckdns does not allow further subdomains** and restricts domains to [a-z0-9-].)
```
The OPNSENSE plugin tries to update the subdomain _acme-challenge.domain.duckdns.org
If I try to update the TXT record manually I get a "KO", but if I remove the subdomain "_acme-challenge" from the request I get an "OK".
os-acme-client (installed) | 1.36 | 392KiB | Let's Encrypt client
LOG - from bottom to top (removed token and txt record)
- _on_issue_err
- Error add txt for domain:**_acme-challenge**.domain.duckdns.org
- Errors happened during adding the TXT record, response=**KO**
- ret='0'
- _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
- timeout=
- url='https://www.duckdns.org/update?domains=**_acme-challenge**.domain.duckdns.org&token={token}&txt={txt}'
- GET
- url='https://www.duckdns.org/update?domains=**_acme-challenge**.domain.duckdns.org&token={token}&txt={txt}'
- param='domains=_acme-challenge.domain.duckdns.org&token={token}&txt={txt}'
- Trying to add TXT record
- Adding txt value: {txt} for domain: **_acme-challenge**.domain.duckdns.org
Common Name: yourdomain.duckdns.org (I think you can even use a wildcard)
DNS Alias Mode: Domain Alias Mode
Domain Alias: yourdomain.duckdns.org
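The name handling that the quoted script comment describes, as an added example that is not part of the original post and not acme.sh's or the OPNsense plugin's own code. The function names `duckdns_label` and `duckdns_txt_url` are hypothetical, the token and TXT values are placeholders, passing the bare label in `domains=` is an assumption based on the comment's "return 'domain'", and nothing is sent over the network.

```shell
#!/bin/sh
# Added example (hypothetical helper names); performs no network access.

# Reduce an ACME challenge name to the single DuckDNS label.
# Accepts 'domain.duckdns.org' or '_acme-challenge.domain.duckdns.org'.
duckdns_label() {
  name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  name=${name#_acme-challenge.}        # drop the challenge prefix if present
  case "$name" in
    *.duckdns.org) label=${name%.duckdns.org} ;;
    *) return 1 ;;                     # not a DuckDNS name
  esac
  # DuckDNS restricts names to [a-z0-9-] and allows no further subdomains,
  # so a remaining dot or any other character means the name is rejected.
  case "$label" in
    ''|*[!a-z0-9-]*) return 1 ;;
  esac
  printf '%s\n' "$label"
}

# Build the TXT update URL in the shape seen in the log above, but with the
# normalized label. $2 (token) and $3 (TXT value) are caller-supplied.
duckdns_txt_url() {
  label=$(duckdns_label "$1") || return 1
  printf 'https://www.duckdns.org/update?domains=%s&token=%s&txt=%s\n' \
    "$label" "$2" "$3"
}

# Constructed sample names: the third has an extra subdomain and is rejected.
for n in _acme-challenge.domain.duckdns.org domain.duckdns.org \
         sub.domain.duckdns.org; do
  if l=$(duckdns_label "$n"); then
    echo "ok   $n -> $l"
  else
    echo "bad  $n"
  fi
done
```
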