DDNS claiming "HTTPS not supported" with curl

Hey, I followed this guide:

https://openwrt.org/docs/guide-user/services/ddns/client#ssl_support

I'd like to use curl instead of wget for a variety of reasons, and installed curl and ca-bundle

However the luci web-interface is saying that HTTPS not supported. Is this a bug?

The even stranger part is everything seems to be working ok for pushing updates to my DDNS provider:

 133930       : ************ ************** ************** **************
 133930  note : PID '4852' started at 2018-12-26 13:39
 133930       : ddns version  : 2.7.8-1
 133931       : uci configuration:
ddns.mycustomname.cacert='/etc/ssl/certs'
ddns.mycustomname.domain='mycustomname.mycustomname.com'
ddns.mycustomname.enabled='1'
ddns.mycustomname.interface='wan'
ddns.mycustomname.ip_network='wan'
ddns.mycustomname.ip_source='network'
ddns.mycustomname.lookup_host='mycustomname.mycustomname.com'
ddns.mycustomname.password='***PW***'
ddns.mycustomname.service_name='google.com'
ddns.mycustomname.use_https='1'
ddns.mycustomname.username='xxxxxxxxx'
ddns.mycustomname=service
 133932       : verbose mode  : 0 - run normal, NO console output
 133932       : check interval: 600 seconds
 133932       : force interval: 259200 seconds
 133932       : retry interval: 60 seconds
 133933       : retry counter : 0 times
 133933       : No old process
 133933       : last update: never
 133933       : Detect registered/public IP
 133933       : #> /usr/bin/nslookup mycustomname.mycustomname.com  >/var/run/ddns/mycustomname.dat 2>/var/run/ddns/mycustomname.err
 133933       : Registered IP 'xx.xx.xx.xx' detected
 133934  info : Starting main loop at 2018-12-26 13:39
 133934       : Detect local IP on 'network'
 133934       : Local IP 'xx.xx.xx.xx' detected on network 'wan'
 133934       : Forced Update - L: 'xx.xx.xx.xx' == R: 'xx.xx.xx.xx'
 133934       : #> /usr/bin/curl -RsS -o /var/run/ddns/mycustomname.dat --stderr /var/run/ddns/mycustomname.err --capath /etc/ssl/certs --noproxy '*' 'https://764Ir5mFB0ucn5v2:***PW***@domains.google.com/nic/update?hostname=mycustomname.mycustomname.com&myip=xx.xx.xx.xx'
 133936       : DDNS Provider answered:
nochg xx.xx.xx.xx
 133936  info : Forced update successful - IP: 'xx.xx.xx.xx send
 133936       : Waiting 600 seconds (Check Interval)
 134936       : Detect registered/public IP
 134936       : #> /usr/bin/nslookup mycustomname.mycustomname.com  >/var/run/ddns/mycustomname.dat 2>/var/run/ddns/mycustomname.err
 134937       : Registered IP 'xx.xx.xx.xx' detected
 134937  info : Rerun IP check at 2018-12-26 13:49
 134937       : Detect local IP on 'network'
 134937       : Local IP 'xx.xx.xx' detected on network 'wan'
 134937       : Waiting 600 seconds (Check Interval)

Ive not used curl myself, but i currently have wget with ssl running successfully .

I downloaded wget but now I'm running into cert errors and it's not updating. Anyone have any ideas? I also downloaded ca-bundle (didn't work when I had curl, despite this guide https://openwrt.org/docs/guide-user/services/ddns/client#ssl_support saying it would

  Unable to locally verify the issuer's authority.
To connect to domains.google.com insecurely, use `--no-check-certificate'.
 122115  WARN : Transfer failed - retry 1/0 in 60 seconds
 122215       : #> /usr/bin/wget-ssl -nv -t 1 -O /var/run/ddns/x -o /var/run/ddns/x.err --ca-directory=/etc/ssl/certs --no-proxy 'https://CXAfLh6utkosXmwn:***PW***@domains.google.com/nic/update?hostname
 122216 ERROR : GNU Wget Error: '5'
 122216       : ERROR: cannot verify domains.google.com's certificate, issued by 'CN=Google Internet Authority G3,O=Google Trust Services,C=US':
  Unable to locally verify the issuer's authority.
To connect to domains.google.com insecurely, use `--no-check-certificate'.
 122216  WARN : Transfer failed - retry 2/0 in 60 seconds

It works for me, but the "ceacerts" variable points to the file " /etc/ssl/certs/ca-bundle.pem".

Hmm, I have ca bundle installed but the only thing that provides is ca-certificates.crt? Where did you get ca-bundle.pem?

Good question... but the truth is that I cannot remember, and "opkg search" is not helping, either.

What version of OpenWrt are you running if you don't mind me asking

Yes, that was a frontend bug and has been fixed with this commit

2 Likes