Namecheap Dynamic DNS Force Update Fails

[Dr.R. Clavan]

Gargoyle 1.12.0 running on TP-Link Archer C7 v2

I just wasted half a day trying to figure out why certain things in my network were completely failing until I finally realised my ISP had given me a new IP address. It's semi-static, so it can change but in practice it's always the been the same, until today. I always though that using the Dynamic DNS option in Gargoyle would prevent this problem, but clearly it didn't.

So I looked into the option again. I have correctly identified namecheap.com as the Service Provider, the Domain Name is correct, as is the Password. Yet when I click Force Update I get an

'Update failed. Ensure your configuration is valid and that you are connected to the internet"

message. Well, I am connected to the internet and the configuration seems to be valid. What am I doing wrong? It has worked in the past.

[Lantis]

It is most likely due to the lack of SNI support in ewget in v1.12.0 of Gargoyle.
You can upgrade to the latest version (as I have recommended several times) and that should fix it. Your version is unsupported and will not be updated with this functionality.
https://github.com/ericpaulbishop/gargo ... 5e816b7f39

As NameCheap protects their domain via CloudFlare, I am reasonably certain this is what is happening.

Gargoyle 1.15.x successful connection:

Code: Select all

root@Gargoyle:~# ewget https://dynamicdns.park-your-domain.com
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>

OpenSSL connect command with SNI disabled, fail:

Code: Select all

$ openssl s_client -connect "dynamicdns.park-your-domain.com:443" -noservername
CONNECTED(00000003)
40574744FC7A0000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1599:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 293 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

OpenSSL connect with SNI, success:

Code: Select all

$ openssl s_client -connect "dynamicdns.park-your-domain.com:443"
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R4
verify return:1
depth=1 C = US, O = Google Trust Services, CN = WE1
verify return:1
depth=0 CN = dynamicdns.park-your-domain.com
verify return:1
---
Certificate chain
 0 s:CN = dynamicdns.park-your-domain.com
   i:C = US, O = Google Trust Services, CN = WE1
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256
   v:NotBefore: Feb  3 05:49:10 2025 GMT; NotAfter: May  4 06:49:06 2025 GMT
 1 s:C = US, O = Google Trust Services, CN = WE1
   i:C = US, O = Google Trust Services LLC, CN = GTS Root R4
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA384
   v:NotBefore: Dec 13 09:00:00 2023 GMT; NotAfter: Feb 20 14:00:00 2029 GMT
 2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R4
   i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
   a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256
   v:NotBefore: Nov 15 03:43:21 2023 GMT; NotAfter: Jan 28 00:00:42 2028 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
etc etc
-----END CERTIFICATE-----
subject=CN = dynamicdns.park-your-domain.com
issuer=C = US, O = Google Trust Services, CN = WE1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2849 bytes and written 413 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

[Dr.R. Clavan]

Thanks for your reply. Unfortunately I can not upgrade beyond version 1.12, I tried that a while ago and it caused all sorts of problems (though I don't remember what exactly).