🐛 Fix problems with alias domains and dns-01 challenge (#1785)

* 🐛 Fix problems with alias domains and dns-01 challenge

And add some documentation to clarify a bit.

Resolves #1331

* Fix linter issue

* Add changelog

* Update config.json

* Update config.json

Co-authored-by: Pascal Vizeli <pascal.vizeli@syshack.ch>

duckdns/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 1.12.5
+
+- Fix bug causing DuckDNS to return KO, when aliases were configured
+
 ## 1.12.4
 
 - Fix bug where IPv6 got the value of IPv4

duckdns/DOCS.md

@@ -101,13 +101,19 @@ For example:
 ```yaml
 domains:
   - my-domain.duckdns.org
-  - ha.my-domain.com
 aliases:
   - domain: ha.my-domain.com
     alias: my-domain.duckdns.org
 ```
 
-Also, add your custom domain name to the `domains` array to create the certificate for both domains
+Don't add your custom domain name to the `domains` array. For certificate creation, all unique domains and aliases are used.
+
+Also, don't forget to make sure the dns-01 challenge can reach Duckdns. It might be required to add a specific CNAME for that:
+
+```
+CNAME _acme-challenge.<own-domain>    _acme-challenge.<domain>.duckdns.org
+CNAME                 <own-domain>                    <domain>.duckdns.org
+```
 
 ### Option: `seconds`
 

duckdns/config.json

@@ -1,6 +1,6 @@
 {
   "name": "Duck DNS",
-  "version": "1.12.4",
+  "version": "1.12.5",
   "slug": "duckdns",
   "description": "Free Dynamic DNS (DynDNS or DDNS) service with Let's Encrypt support",
   "url": "https://github.com/home-assistant/hassio-addons/tree/master/duckdns",
@@ -27,7 +27,7 @@
     "ipv4": "str?",
     "ipv6": "str?",
     "token": "str",
-    "domains": ["str"],
+    "domains": ["match(.+\.duckdns\.org)"],
     "aliases": [
       {"domain": "str", "alias": "str"}
     ],

duckdns/data/run.sh

@@ -16,15 +16,26 @@ WAIT_TIME=$(bashio::config 'seconds')
 # Function that performe a renew
 function le_renew() {
     local domain_args=()
-    local domains
-  
+    local domains=''
+    local aliases=''
+
     domains=$(bashio::config 'domains')
 
     # Prepare domain for Let's Encrypt
     for domain in ${domains}; do
+        for alias in $(jq --raw-output --exit-status "[.aliases[]|{(.alias):.domain}]|add.\"${domain}\" | select(. != null)" /data/options.json) ; do
+            aliases="${aliases} ${alias}"
+        done
+    done
+
+    aliases="$(echo "${aliases}" | tr ' ' '\n' | sort | uniq)"
+
+    bashio::log.info "Renew certificate for domains: $(echo -n "${domains}") and aliases: $(echo -n "${aliases}")"
+
+    for domain in $(echo "${domains}" "${aliases}" | tr ' ' '\n' | sort | uniq); do
         domain_args+=("--domain" "${domain}")
     done
-    
+
     dehydrated --cron --hook ./hooks.sh --challenge dns-01 "${domain_args[@]}" --out "${CERT_DIR}" --config "${WORK_DIR}/config" || true
     LE_UPDATE="$(date +%s)"
 }
@@ -56,7 +67,7 @@ while true; do
     [[ ${IPV4} != *:/* ]] && ipv4=${IPV4} || ipv4=$(curl -s -m 10 "${IPV4}")
     [[ ${IPV6} != *:/* ]] && ipv6=${IPV6} || ipv6=$(curl -s -m 10 "${IPV6}")
 
-    if answer="$(curl -s "https://www.duckdns.org/update?domains=${DOMAINS}&token=${TOKEN}&ip=${ipv4}&ipv6=${ipv6}&verbose=true")"; then
+    if answer="$(curl -s "https://www.duckdns.org/update?domains=${DOMAINS}&token=${TOKEN}&ip=${ipv4}&ipv6=${ipv6}&verbose=true")" && [ "${answer}" != 'KO' ]; then
         bashio::log.info "${answer}"
     else
         bashio::log.warning "${answer}"