Accessing HASS from local ipad iphone with duckdns and lets_encrypt

I installed duckdns and lets_encrypt and normally I work from either my iphone remotely or my windows PC…and that works. When I try to connect to HA from my ipad which is on my local wan, I can’t connect.

I’ve tried https://192.168.xx.xx:8123 which is the exact same url as I use from my windows PC on the same local network. I’ve tried https://xxxxx.duckdns.org:8123 which works from my iphone on cellular…and I’ve tried both safari and chrome.

I can get to the logon screen in chrome (not in safari) using my local IP, but my userid/pw is rejected as invalid.

I’ve searched and found others have had the same problem…I’ve even found some threads marked “solved”, but there is no solution posted…just folks having the similar problems trying to connect locallyl with Apple devices. I am on latest ipad/iphone software.

Try the iOS app rather than a web browser.

Already tried…both with the IP address and xxx.duckdns.org. both give error messages when I am on my home network.

The IP address won’t work because the ssl certificate is for the domain name not the IP address. You can override this in desktop browsers, not sure about iOS versions.

Does your router support NAT loopback?
If you are using Hass.io try setting up a dns server on it with the Dnsmasq add-on.
Then set it up like this:

{
  "defaults": [
    "1.1.1.1",
    "8.8.8.8"
  ],
  "forwards": [],
  "hosts": [
    {
      "host": "yourname.duckdns.org",
      "ip": "hassio internal ip"
    }
  ]
}

Then go to your ipad’s wifi settings and select manual (not dhcp) configuration.
Set your internal pad’s ip, gateway and subnet to whatever your network needs and set the dns server same as your internal hassio IP.

Then try again from the ios app with the duckdns address.
:crossed_fingers:

I was thinking the same thing, except this statement seems to rule that out:

It’s only the iPad that is failing to connect.

My thought was to eliminate any ssl conflict on the ipad app, (the ones you bypass manually on a browser).
Plus idk if he’s using the iPhone app or browser

My NVG468MQ (frontier FIOS) router does not supports NAT loopback. When I sign on from my home computer with my HA IP address using HTTPS I get a browser security message that I have to override to allow me to go to my “unsafe” rpi HA. There is a certificate for duckdns/lets encrypt but it’s marked invalid in chrome.

The app works or doesn’t work on both HA companion or my iphone browser. If I deactivate the LAN on my phone (just use LTE), it all works. Connect to LAN and the phone/ipad don’t work.

frustrating because I really need access from both my mobile phone and my inhouse ipads to do different things in my home automation and I don’t want to do anything that will slow down my regular computer users.

The certificate is only good for the DOMAIN name, not your IP, so by you accessing the IP, it doesn’t see a valid certificate. This is how certificates work.

Because your router doesn’t support NAT loopback. You are going to have to use some DNS hackery in your network to get this to work properly.

Try the method that @krash has lined out for you.

That worked. Another problem solved!!!

Just for my information, where does the Dnsmasq config info get stored and is stored when I do a HASS snapshot or ALL?

All the addons configs are saved somewhere the (hidden) .storage folder. They are saved when you take a full backup and I believe they are also stored when you do partial backups that have the add on ticked.

add-ons are not part of home assistant, so they should store all their configs outside the homeassistant directory on the share.

I was under the impression that all the jsons of hassio addons configurations were somewhere inside .storage folder. I guess I’m wrong :slight_smile:

the .storage folder should only be used for entities/auth/devices inside Home Assistant.

So my question still is…does a hass.io complete snapshot capture everything that’s needed for a backup/restore of everything I’ve configured, integrations, official addins?

yes it does