DDNSCertificateError: Invalid certificate

Hello Community,

Since today, this error has been displayed on several IPFire systems and no DDNS updates have been performed.
All providers are affected.
freedns.afraid.org, Duck DNS, SPDYN, Selfhost.de, …

Thank you for support

Example log:
|13:35:03 |ddns[3891]: |DDNSCertificateError: Invalid certificate
|13:35:03 |ddns[3891]: |Dynamic DNS update for *** (freedns.afraid.org) failed:
|13:35:02 |ddns[3891]: |DDNSCertificateError: Invalid certificate
|13:35:02 |ddns[3891]: |Dynamic DNS update for *** (Duck DNS) failed:
|13:35:01 |ddns[3891]: |DDNSCertificateError: Invalid certificate
|13:35:01 |ddns[3891]: |Dynamic DNS update for *** (SPDYN) failed:
|13:35:01 |ddns[3891]: |DDNSCertificateError: Invalid certificate
|13:35:01 |ddns[3891]: |Dynamic DNS update for *** (Selfhost.de) failed:

The DDNS updates are working with the provider I am using - Dynu.com

I just tested it out by changing the IP that dynu.com had for my url and it was updated by IPFire when I did an instant update.

I then searched for that error message in the IPFire DDNS code.

That message is thrown when the DDNS server being accessed has presented an invalid certificate.

I will try and see if I can temporarily get a url from one of those providers to try and reproduce what you are seeing.

Since today, I’ve been having problems with some DynDNS providers, such as Dynu and NoIP. The update fails with the message:

ddns DDNSCertificateError: Invalid certificate
ddns Dynamic DNS update for xyz.domain1.xxx (Dynu) failed

ddns DDNSCertificateError: Invalid certificate
ddns Dynamic DNS update for xyz.domain2.xxx (NoIP) failed:

This error appears every 5 minutes and no update is performed.
There’s not even an attempt to contact the DDNS provider.
It appears to be an internal issue and is independent of the IPFire version.

It seems to affect almost all DDNS providers!
The problem doesn’t seem to be with the update, but rather with verifying the IP address.
Interestingly, if you create a new domain, exactly one correct update occurs. After that, only the error occur every 5 minutes.

My guess is that the certificate of the remote site used to verify the external IP expired yesterday. That would explain the errors.

Yes, the problem is external.

IPFire uses the following server to determine an external IP V4:

checkip4.dns.lightningwirelabs.com

This uses an E6 Let’s Encrypt certificate that expired on June 17, 2025. Unfortunately, no additional server is configured by default for redundancy, so IPFire is dependent on this provider.

@bonnietwin
Since you moved my post, I can only edit it, not reply.
your post is unfortunately not true. The errror has nothing todo with the ddns server. Your dynu config works, while you are not using an external IP. Your IPFire Red Interface get the IP directly. That is another configuration

1 Like

I’ve passed on this information. Thanks for letting us know. I’m sure it’ll be resolved promptly.

Cheers,
A G

1 Like

since this morning 1:40 a.m. I also get the error

Jun 18 01:40:00 ipfire ddns[28698]: Dynamic DNS update for <mydomain.xxx> (Dynu) failed:
Jun 18 01:40:00 ipfire ddns[28698]:   DDNSCertificateError: Invalid certificate

When I restart IPFire
Every 5 minutes and also when I try “Instant update” on the ddns.cgi page

Thanks for passing the info.
The certificate has just been updated.

1 Like

Hi all

This should now be resolved.

Please can those affected try again and report back?

Thanks,
A G

2 Likes

Yes, everything is working flawlessly again.
Thank you very much !!!

However, it would be worth considering making such an important service redundant in IPFire. In the current configuration, all DDNS providers depend on the availability of this one server, and something like this can happen from time to time. And by enabling HTST, it was also difficult to circumvent.

1 Like

The problem is solved.
Thank you very much for your help.

1 Like