/etc/ssl/certs/and enables verification of SSL certificates by any program that uses this as a default, including ddns-scripts.
The smallest set of changes making the biggest difference are:
#option service_name "duckdns.org" option interface "wan" #assuming wan is the public network option domain "<subdomain>.duckdns.org" option username "<subdomain>" option update_url "http://www.duckdns.org/update?domains=[USERNAME]&token=[PASSWORD]&ip=[IP]" option use_https "1" #uses /etc/ssl/certs/ (populated by "ca-certificates"), or "option cacert"
interfaceoption tells ddns to update when this network changes status, namely when it goes up.
domainoption is the domain held by the client, and
'nslookup $DOMAIN'should succeed and point to the client (or router it's behind) when everything is up to date; this is used as the check to see if
$DOMAINpoints to the clients public IP.
usernameoption is used where the
domainoption was used before, this is also reflected in the change to
<duckdns-token> with proper values.
config service "duckdns" option enabled '1' option interface 'wan' option username '<subdomain>' option domain '<subdomain>.duckdns.org' option password '<duckdns-token>' option ip_source 'network' option ip_network 'wan' option check_interval '1' option check_unit 'hours' option update_url 'http://www.duckdns.org/update?domains=[USERNAME]&token=[PASSWORD]&ip=[IP]' option use_https '1'
This will update anytime the 'wan' network goes up, or the check (every hour) notices an inconsistency, and will force the ip to the value detected on the 'wan' network (remove the
&ip=[IP] and duckdns will auto-detect). The 'force_interval' and 'force_unit' options are unnecessary as duckdns does not expire listings if they aren't refreshed periodically.