Problem with the DuckDNS certificate for the DDNS service.


L0 Member

Hi,
I'm having an issue with Palo Alto and DDNS — specifically with DuckDNS. Everything had been working fine for the past two years, but for about a month now, Palo Alto is showing an SSL certificate error.
The exact error message is:

Server response: Peer certificate cannot be authenticated with given CA certificates

I’m not sure which certificate I should be using to fix this.
Has anyone encountered and resolved this issue?

1 REPLY

Community Team Member

Hi @A.Kuszaj,

Root and intermediate CA certificates expire, or new ones are issued, and the Palo Alto firewall's trusted CA store needs to be updated to reflect these changes. Since it was working for two years and stopped about a month ago, it's probable that a certificate in DuckDNS's chain either expired or was updated, and your firewall hasn't updated its trusted CA store accordingly. Possibly you may have to install and set the Intermediate Certificate as a Trusted Root CA. You may have to delete and recreate the Certificate Profile for this to take effect.

Here are a few things you can check:

Clarify which certificate chain you have installed on the firewall? Refer to the article link to install the correct intermediate CA on the firewall: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm66CAC

Validate the DDNS configuration by referring to this document link: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/configure-dynamic-dns-for-firew...

Please refer to this article link providing a resolution for the error message "Peer certificate cannot be authenticated with given CA certificates":
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLz3CAG&lang=en_US%E2%80%A...

Hope this helps,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
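
The failure mode described in the reply above can be reproduced offline with the `openssl` CLI. This is an added example, not part of the original thread or of Palo Alto's tooling; the CA names `old-root` and `new-root`, the host `ddns.example.test` and all file names are constructed for the demo and are not DuckDNS's real chain.

```bash
#!/usr/bin/env bash
# Constructed lab: every CA, key and hostname below is made up for the demo.
work=$(mktemp -d) && cd "$work" || exit 1
trap 'rm -rf "$work"' EXIT

# Minimal OpenSSL config so the test roots carry basicConstraints CA:TRUE.
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
EOF

# make_root NAME: self-signed root NAME.crt with key NAME.key
make_root() {
  openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$1" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# issue_leaf ROOT: (re)issue leaf.crt for the DDNS host, signed by ROOT
issue_leaf() {
  openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
    -subj "/CN=ddns.example.test" -keyout leaf.key -out leaf.csr 2>/dev/null
  openssl x509 -req -in leaf.csr -CA "$1.crt" -CAkey "$1.key" \
    -set_serial 1 -days 30 -out leaf.crt 2>/dev/null
}

# diagnose STORE CERT: say whether CERT chains to a CA in STORE; if not,
# name the issuer whose CA certificate has to be imported as trusted.
diagnose() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo "trusted"
  else
    echo "untrusted, missing CA: $(openssl x509 -in "$2" -noout -issuer)"
  fi
}

make_root old-root; make_root new-root
cp old-root.crt store.pem                 # trust store as first configured
issue_leaf old-root; before=$(diagnose store.pem leaf.crt)
issue_leaf new-root; after=$(diagnose store.pem leaf.crt)   # service changed CA
cat new-root.crt >> store.pem; fixed=$(diagnose store.pem leaf.crt)
printf '%s\n' "before: $before" "after:  $after" "fixed:  $fixed"
```

On the firewall, the counterpart of the last step is importing the CA certificate named in the "missing CA" line and marking it as a Trusted Root CA, as the reply suggests.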