DuckDNS script broken? #575

zapy85 opened this issue Oct 16, 2024 · 3 comments
zapy85 commented Oct 16, 2024

Trying to use PoshACME with plugin DuckDNS but it won't work.
I see DuckDNS touch the IP but it does not update it; "last updated" gets reset every time.

Part of Script:

       while ($true) {
            if ($paServer -eq 'LE_STAGE') {
                if ($Domain.Count -eq 0) {
                    $Domain = Read-Host -Prompt 'Domain name'
                } else {
                    Write-Host "Domain is $($Domain -join ', ')"
                }
                $script:domainName = $Domain | Select-Object -First 1
                if (-not $NoEmail) {
                    $contact = Read-Host -Prompt 'Email address for expiration warnings (recommended)'
                }
                if ([string]::IsNullOrWhiteSpace($Secret)) {
                    $Secret = Read-Host 'Token' -AsSecureString
                }
                $certParams = @{
                    Domain       = $domain
                    FriendlyName = $domain | Select-Object -First 1
                    DnsPlugin    = 'DuckDNS'
                    PluginArgs   = @{
                        DuckToken    = $Secret
                        DuckDomain   = $domain
                    }
                    Force        = $true
                    # Install into the Windows Local Machine Certificate Store under "Personal"
                    AcceptTOS    = $true
                }
                if (-not [string]::IsNullOrWhiteSpace($contact)) {
                    $certParams.Contact = $contact
                }
                Write-Host "[TEST] Requesting certificate for $domain from Let's Encrypt" -ForegroundColor Magenta
            } else {
                Write-Host "Requesting and installing certificate for $domain from Let's Encrypt" -ForegroundColor Green
                $certParams.Install = $true
            }

            $cert = New-PACertificate @certParams -UseSerialValidation -Verbose

Output:

VERBOSE: Updating directory info from https://acme-v02.api.letsencrypt.org/directory
VERBOSE: Using ACME Server https://acme-v02.api.letsencrypt.org/directory
VERBOSE: Creating a new ec-256 account with contact: mailto:adm1n@osirisec.se
VERBOSE: Using account <nr>
VERBOSE: Order name not specified, using 'zaptestsn1000.duckdns.org'
VERBOSE: Creating a new order 'zaptestsn1000.duckdns.org' for zaptestsn1000.duckdns.org
VERBOSE: Publishing challenge for Domain zaptestsn1000.duckdns.org with Token <secret>
using Plugin DuckDNS and DnsAlias ''.
VERBOSE: Adding TXT <txt secret> on DuckDNS for zaptestsn1000.duckdns.org
VERBOSE: GET with 0-byte payload
VERBOSE: received -1-byte response of content type
VERBOSE: Saving changes for DuckDNS plugin
VERBOSE: Sleeping for 120 seconds while DNS change(s) propagate
VERBOSE: 60 seconds remaining to sleep
VERBOSE: Requesting challenge validation
VERBOSE: Unpublishing challenge for Domain zaptestsn1000.duckdns.org with Token
<secret> using Plugin DuckDNS and DnsAlias ''.
VERBOSE: Clearing TXT on DuckDNS for zaptestsn1000.duckdns.org
VERBOSE: GET with 0-byte payload
VERBOSE: received -1-byte response of content type
VERBOSE: Saving changes for DuckDNS plugin
VERBOSE: Finalizing the order.
VERBOSE: Creating new certificate request with key length 2048.
VERBOSE: Creating new private key for the certificate request.
VERBOSE: Downloading signed certificate
VERBOSE: Updating cert expiration and renewal window
VERBOSE: Successfully created certificate.
VERBOSE: Importing CN=guldfisk32.duckdns.org certificate to LocalMachine\My.
VERBOSE: Chain cert 'CN=R11, O=Let's Encrypt, C=US' with thumbprint <print> already
exists in LocalMachine\CA store.
@rmbolger rmbolger self-assigned this Oct 16, 2024
@rmbolger rmbolger added the question Further information is requested label Oct 16, 2024
@rmbolger
Owner

Hi @zapy85, I'm not sure why you're saying it won't work. The log you posted shows a successful cert acquisition and installation.

Were you hoping the plugin would update your dynamic IP as well? Because the plugin does not do that. It's only used for obtaining certs for your duckdns domain.

zapy85 commented Oct 16, 2024

> Hi @zapy85, I'm not sure why you're saying it won't work. The log you posted shows a successful cert acquisition and installation.
>
> Were you hoping the plugin would update your dynamic IP as well? Because the plugin does not do that. It's only used for obtaining certs for your duckdns domain.

Oh, my bad then, I was/thought I had read that it also updated against DuckDNS as well when it created the certificate.
Maybe this would be a good addition to PoshACME in that case? To have the option to update the DNS entries as well?

PoshACME is part of another PS script that generates and installs the LE certificate into its services that use HTTPS for a VMS/CCTV platform from Milestone [that has free-to-use software for 8 cameras], but they don't have any built-in support for LE, which would have been the best, I presume.

I am really confused as to where I read that it updated the DNS as well; might've been me as well that just "read into it" and got it all wrong.

If this isn't wanted you could just delete the ticket and I'll look at implementing the update feature with some other scripts.

@rmbolger
Owner

Not a problem. But yeah, I don't think it's a good idea to add the IP update functionality into the plugin.

It shouldn't be too difficult to add it to your existing script though. You already have all of the info you'd need for an IP update call in variables, and their docs make it seem like it should be as simple as this:

    $tokenPlain = [pscredential]::new('a',$Secret).GetNetworkCredential().Password
    $updateUrl = 'https://www.duckdns.org/update?domains={0}&token={1}' -f ($Domain -join ','),$tokenPlain
    Invoke-RestMethod $updateUrl

You could add it just before or after your call to New-PACertificate.
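
An added example, not code from this thread or from Posh-ACME: the IP update call suggested above wrapped in a function that accepts `$Secret` whether it arrived as a plain string or as the SecureString from `Read-Host -AsSecureString`, checks DuckDNS's `OK`/`KO` reply, and keeps the token out of error text. `Update-DuckDnsIp` is a hypothetical helper name, and stripping the `.duckdns.org` suffix assumes the `domains` parameter takes bare subnames as DuckDNS documents it.

```powershell
# Added example; Update-DuckDnsIp is a hypothetical helper, not part of Posh-ACME.
function Update-DuckDnsIp {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$Domain,
        # SecureString (from Read-Host -AsSecureString) or a plain string parameter
        [Parameter(Mandatory)][object]$Token
    )

    # Decrypt a SecureString only inside this function; pass a plain string through
    $tokenPlain = if ($Token -is [securestring]) {
        [pscredential]::new('a', $Token).GetNetworkCredential().Password
    } else {
        [string]$Token
    }
    if ([string]::IsNullOrWhiteSpace($tokenPlain)) {
        throw 'DuckDNS token is empty.'
    }

    # Assumption: DuckDNS expects bare subnames, so drop the suffix (no-op if already bare)
    $names     = ($Domain -replace '\.duckdns\.org$', '') -join ','
    $tokenEsc  = [uri]::EscapeDataString($tokenPlain)
    $updateUrl = 'https://www.duckdns.org/update?domains={0}&token={1}' -f $names, $tokenEsc

    try {
        # -Verbose:$false keeps this request quiet even when the caller runs with -Verbose
        $response = Invoke-RestMethod -Uri $updateUrl -Verbose:$false
    } catch {
        # Redact the token in case the underlying error message echoes the request URL
        $msg = $_.Exception.Message -replace [regex]::Escape($tokenPlain), '<token>'
        throw "DuckDNS update request failed: $msg"
    }

    # DuckDNS replies with the literal text OK on success and KO on failure
    if ("$response".Trim() -ne 'OK') {
        throw "DuckDNS rejected the update for $names (response: $response)"
    }
    Write-Verbose "DuckDNS IP updated for $names"
}

# In the script from the issue, call it next to the certificate request:
#   Update-DuckDnsIp -Domain $Domain -Token $Secret
#   $cert = New-PACertificate @certParams -UseSerialValidation -Verbose
```

Failing on `KO` makes a bad token or unknown subname visible in the script run instead of leaving the DuckDNS record silently unchanged.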
