Not possible to connect with Home Assistant. The HA certificate is not correct , check the certificate and setting and try again
How can I check the certificate and/or how can I renew it?
Thanks in Advance.
I picked up somewhere that external_IP:443 should be forwarded to internal:8123 but I assume that cannot be true as in that case it will not be possible to connect other encrypted services on other ports on other IP-addresses.
But maybe I am wrong.
Do you have any other encrypted services that you are exposing to the internet? It should indeed be 443 external to 8123 internal.
If you need MORE services exposed on port 443, then the answer is to use something like Nginx Proxy Manager addon. So the subdomain you use determines which encrypted resource you are accessing.
I have Nextcloud running on a different RPI ,thus a different IP, and it uses a non-standard port 18008. and that external:18008 is forwarded to IP:18008 of the Nextcloud PI.
You don’t have to do anything on the DuckDNS end, it’s already configured so any subdomain of your duckdns domain, will return the right IP address.
Go to the LetsEncrypt add-on and add the domain in there. whatever you have decided to use ha. or home. or whatever. Let LetsEncrypt get the certificate.
Go to Home Assistant settings - General - Network and put your new subdomain in there for the external access.
You don’t have to do anything with DuckDNS.
You will probably need to do the same with NextCloud to get a new certificate for the subdomain.
KO + Responding to challenge for ha.XX.duckdns.org authorization...
+ Cleaning challenge tokens...
KO + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "dns-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:unauthorized"
["error","detail"] "Incorrect TXT record \"\" found at _acme-challenge.ha.XX.duckdns.org"
["error","status"] 403
["error"] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"Incorrect TXT record \"\" found at _acme-challenge.ha.titania.duckdns.org","status":403}
["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/296185325816/CVVlEg"
["token"] "5QqR-EvP7yoSjcO_WM9provZSY_ZbZfFT3FwZpwf1CY"
["validated"] "2023-12-22T08:41:32Z")
[09:46:37] WARNING: KO
I prefixed my DNS name with “ha.” and that works, yet I find in the logfile:
[17:52:37] WARNING: KO
[17:57:38] WARNING: KO
[18:02:39] WARNING: KO
[18:07:40] WARNING: KO
[18:12:40] WARNING: KO
[18:17:41] WARNING: KO
[18:22:42] WARNING: KO
[18:27:43] WARNING: KO
[18:32:44] WARNING: KO
[18:37:44] WARNING: KO
And the companion app refuses to connect to the ha.MYNAME.duckdns.org name with a message: Not possible to connect with Home Assistant There was an error when loading HA. Check de connection configuration and try again. We will try a different URL when you click renew.
The old (thus without ha.) URL still works while in DuckDNS section with ha. has been configured.
[09:18:42] WARNING: KO
[09:18:43] INFO: Renew certificate for domains: ha.XXXX.duckdns.org and aliases:
# INFO: Using main config file /data/workdir/config
Processing ha.XXXX.duckdns.org
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for ha.XXXX.duckdns.org
+ 1 pending challenge(s)
+ Deploying challenge tokens...
KO + Responding to challenge for ha.XXXX.duckdns.org authorization...
+ Cleaning challenge tokens...
KO + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "dns-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:unauthorized"
["error","detail"] "Incorrect TXT record \"\" found at _acme-challenge.ha.XXXX.duckdns.org"
["error","status"] 403
["error"] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"Incorrect TXT record \"\" found at _acme-challenge.ha.XXXX.duckdns.org","status":403}
["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/296860165426/i_Owng"
["token"] "B_BSMVvawSSKQaWFfaMFNRlzv2htPwerasdd7A8GI"
["validated"] "2023-12-24T08:18:52Z")
[09:23:57] WARNING: KO
To me the above is very much Acabadabra . Maybe someone can shine some light here in this darkness.