DuckDNS provides a convenient and free dynamic DNS service to access your home network remotely. However, to keep your connection secure, it's essential to set up an SSL certificate, enabling HTTPS access to your DuckDNS domain. Installing an SSL certificate encrypts your data, prevents unauthorized access, and ensures your connection remains private. Follow these detailed steps to properly configure an SSL certificate for your DuckDNS domain.

The most effective way to secure your DuckDNS domain with SSL is by using Let's Encrypt, a free automated certificate authority. Certbot is a tool that simplifies obtaining and renewing certificates from Let's Encrypt.

Step 1: First, ensure your DuckDNS domain is correctly configured and points to your server's public IP address. Visit DuckDNS.org, log in, and verify your domain and IP settings.

Step 2: Install Certbot on your server. For Debian or Ubuntu-based systems, update your package manager and install Certbot by running the following commands:

sudo apt update
sudo apt install certbot

Step 3: Once Certbot is installed, request a certificate using the DNS challenge method, which is ideal for DuckDNS. Run this command, replacing yourdomain.duckdns.org with your actual DuckDNS domain:

sudo certbot certonly --manual --preferred-challenges dns -d yourdomain.duckdns.org

Certbot will prompt you during this process to add a DNS TXT record to your DuckDNS domain.

Step 4: To add the required TXT record, navigate to your DuckDNS account page. You'll see a field labeled "TXT" next to your domain. Paste the provided TXT value from Certbot into this field and click "Update." Wait a few minutes to ensure the DNS record propagates before proceeding.

Step 5: After updating the TXT record, return to your server terminal and press Enter. Certbot will validate the DNS challenge and issue your SSL certificate. Upon successful completion, Certbot will display the paths to your certificate and private key files.

Step 6: Configure your web server (such as Apache or Nginx) to use the newly issued certificate. For example, in Nginx, your configuration file would include:

server {
    listen 443 ssl;
    server_name yourdomain.duckdns.org;

    ssl_certificate /etc/letsencrypt/live/yourdomain.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.duckdns.org/privkey.pem;

    location / {
        proxy_pass http://localhost:YOUR_PORT;
    }
}

Replace YOUR_PORT with your application's actual port number. Restart your web server to apply changes:

sudo systemctl restart nginx

Your DuckDNS domain is now secured with HTTPS and protected by a valid SSL certificate from Let's Encrypt.

Method 2: Using DuckDNS Add-on in Home Assistant

If you're running Home Assistant, you can simplify the SSL setup by using the official DuckDNS add-on, which integrates Let's Encrypt certificate management directly into your Home Assistant interface.

Step 1: In your Home Assistant dashboard, navigate to "Settings" → "Add-ons" and click the "Add-on Store" tab. Search for "DuckDNS" and install the official DuckDNS add-on.

Step 2: After installation, access the add-on configuration and modify it to include your DuckDNS domain and token. Your configuration should resemble:

domains:
  - yourdomain.duckdns.org
token: YOUR_DUCKDNS_TOKEN
lets_encrypt:
  accept_terms: true
certfile: fullchain.pem
keyfile: privkey.pem

Replace yourdomain.duckdns.org and YOUR_DUCKDNS_TOKEN with your actual domain and DuckDNS token obtained from your DuckDNS account page.

Step 3: Start the DuckDNS add-on. It will automatically obtain and manage your SSL certificate from Let's Encrypt. Home Assistant will store the certificate in the /ssl/ directory.

Step 4: Update your Home Assistant configuration (configuration.yaml) to use HTTPS and specify the paths to your SSL certificate files:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Restart Home Assistant to apply the changes. Your Home Assistant instance will now be accessible securely over HTTPS via your DuckDNS domain.

Maintaining Your SSL Certificate

Let's Encrypt certificates expire every 90 days. Fortunately, Certbot and Home Assistant's DuckDNS add-on automatically handles certificate renewals, ensuring uninterrupted secure access. However, periodically verify your SSL certificate's validity and renewal status by checking your web server logs or Home Assistant notifications.

With your DuckDNS domain now secured with an SSL certificate, you can confidently access your home network remotely, knowing your connection is encrypted and protected.