Addon duckdns+letsencrypt

You’ll need to be forwarding port 8123 external to 8123 internal as well. When you set up LetsEncrypt, if 443 wasn’t forwarded to the Pi - that might explain the issue with LetsEncrypt as well. Did your certificate actually work?

So I’ll need to forward port 443 to 8123 and 8123 to 8123, is that right? How can I tell that my certificate is working?

My certificate is not working; it’s failing to find my duckdns server.

I’m curious where to find all this information about port forwarding. I only forwarded 443 external to 8123 internal and I can access my system from the iOS app and a browser from the internet fine. My problem is internally on my network I can no longer ssh or samba in so my config is locked away now.

So, still struggling to find an answer. I forwarded the ports and I was able to install DuckDNS, but I’m still not able to reach my hass.io outside my network. I know that the tutorial says it’s not necessary to install Let’s Encrypt, but I did anyway to try, and it gives me this message:

starting version 3.2.2
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for arissaraiva.duckdns.org
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. arissaraiva.duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout
IMPORTANT NOTES:

  • The following errors were reported by the server:
    Domain: arissaraiva.duckdns.org
    Type: connection
    Detail: Timeout
    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

It’s not a problem with my domain, but I don’t know what else I can try; maybe it’s my router?

Just spent the last couple of hours fighting with this… (hassio)

Hopefully this isn’t completely wrong and helps someone…

  1. Go to duckdns.org, sign in with whichever method you like, create subdomain (Note your token here as well)
  2. Install duckdns add-on
  3. Modify duckdns add-on options (accept_terms, token, domains)
{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "paste-token-here",
  "domains": [
    "your-domain-name-here.duckdns.org"
  ],
  "seconds": 300
}

Some have mentioned disabling SSH and Samba before starting add-on to avoid breaking anything.

  4. Save and Start
  5. Add the following to configuration.yaml

http:
  base_url: your-domain-name-here.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  api_password: super-secret-password-goes-here

  6. Reboot
  7. Set up a port forward on router from 443 (https) to hassio IP
  8. And that should do it.

Access locally from https://hassio.local:8123/ and externally from your-domain-name-here.duckdns.org:8123

As for the error you’re getting.

Failed authorization procedure. arissaraiva.duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout

Have you tried refreshing/updating your IP on duckdns.org manually?

5 Likes
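
The timeout in the log above means the validation server could not open a connection to port 443 at the address in the DuckDNS A record. The Python below is an added example, not part of any post in this thread: it checks the two things that error depends on (the A record matching the router's WAN address, and a verified TLS handshake on each forwarded port). The function names `resolve_a`, `probe_tls` and `diagnose` are chosen here, and the IP addresses in the sample are constructed documentation addresses.

```python
import socket
import ssl
import time

def resolve_a(domain):
    """IPv4 addresses the name resolves to right now (empty list if none)."""
    try:
        infos = socket.getaddrinfo(domain, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe_tls(host, port, timeout=5.0):
    """Attempt a verified TLS handshake and return (status, detail)."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        return "bad_cert", exc.verify_message
    except ssl.SSLError as exc:
        return "not_tls", str(exc)
    except (socket.timeout, TimeoutError):
        return "timeout", "no reply: port forward or firewall"
    except OSError as exc:
        return "closed", str(exc)
    days = int((ssl.cert_time_to_seconds(not_after) - time.time()) // 86400)
    return "ok", f"trusted certificate, {days} days left"

def diagnose(domain, wan_ip, resolved, probes):
    """Map observations to findings; probes is {port: (status, detail)}."""
    findings = []
    if not resolved:
        findings.append(f"{domain} has no A record: check token and domains")
    elif wan_ip not in resolved:
        findings.append(f"A record {resolved} is not WAN IP {wan_ip}: stale DuckDNS update")
    for port, (status, detail) in sorted(probes.items()):
        if status != "ok":
            findings.append(f"port {port}: {status} ({detail})")
    return findings

if __name__ == "__main__":
    # Constructed observations resembling the timeout in the thread. Live use:
    # resolved = resolve_a(domain); probes = {p: probe_tls(domain, p) for p in (443, 8123)}
    domain, wan_ip = "your-domain-name-here.duckdns.org", "203.0.113.10"
    sample = {443: ("timeout", "no reply: port forward or firewall"),
              8123: ("ok", "trusted certificate, 80 days left")}
    for line in diagnose(domain, wan_ip, ["198.51.100.7"], sample):
        print(line)
```

Run the live probes from a connection outside the LAN (a phone hotspot, for example); from inside, the result depends on whether the router supports NAT loopback and says nothing about external reachability.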

Great run down.

I’m guessing I somehow “broke” my ssh and samba because I never saw anything about turning them as you outline? Any guesses/leads on how to un-break them? I’m also seeing threads that talk about samba being possibly broken by one of the HA updates, particularly for Windows users (I’m on a Mac, and running Hass.io on my Pi), so maybe I didn’t break anything and it’s a larger problem? Grasping at straws here…

Saw someone else mentioning it while I was scouring the forums for info, so thought I’d mention it to be safe.

I’m assuming you can still access the frontend? What happens when you modify or restart the add-ons for samba and ssh?

Otherwise you could also try loading terminal and running an update from there if you’re not already on the latest version?

I think I just got things working again, but I’m not sure exactly what the solution (or problem) was. I’m on the latest versions as of 2 days ago. Thankfully I could still access the front end, and even perform the latest Hass.io upgrade from that, but I would like to know how to use this terminal you’re referring to? (Mac OS Terminal? what commands?)

  • Uninstalled DuckDNS add-on
  • Uninstalled SSH
  • Uninstalled Samba
  • removed port forwarding
  • deleted the known_hosts file from my machine
  • rebooted Pi
  • started reinstalling add-ons

Suddenly my Samba shares showed up and I can access them. Added back other things I had removed.

I’m leaning toward problems somehow stored in my known_hosts file, as when I deleted that it seemed to resolve a lot of scary SSH and browser “invalid certificate” errors I was seeing, as well as fixing SSH and Samba.

Glad you got it up and running again.

Was referring to the terminal add-on https://github.com/hassio-addons/addon-terminal

Oh, I tried to configure that when I couldn’t access my Pi, but it required a port setting I couldn’t change without access to my Pi, or something like that. It seemed like a chicken/egg problem. I may set that up as a fall-back now that I have access again.

Only thing I would adjust is the address for external access. I use:
your-domain-name-here.duckdns.org

Don’t need “:8123” from external.

I’ll try uninstalling everything and installing again, but it seems that something is wrong on my router. Also, I read other threads with a lot of people having problems, some solved by concatenating their certificates on Let’s Encrypt. Has anyone here tried to install Let’s Encrypt? I’ll also try to use another DNS domain.

When you set up duckdns and lets encrypt it instructs you to port forward 443, 80 and 8123 to the Pi.

I don’t see it written anywhere in the instructions I’m following to forward all those ports. In fact, it only mentions “the port you listed in your configuration (8123 in the example above)”, and doesn’t mention what other port to forward. It was only trial and error and searching that told me to try 443. Maybe we’re not using the same instructions, but I also see a lot of others struggling to understand all the steps, so I was hoping to see what you followed and understand if I’m missing anything else (it’s working with just the one port forwarded so far).

Here’s what I’m following:

Can you share the instructions you are following?

[EDIT: Maybe it’s that I’m using Hass.io and the DuckDNS add-on which includes Let’s Encrypt automatically, vs. installing DuckDNS and Let’s Encrypt on another form of HASS installation? Maybe fewer ports are required in my setup as a result, but it still is not clear because it doesn’t give much detail in the instructions]

I used these ones:

I would follow the steps @derikj outlined above in his post. You shouldn’t have to install Let’s Encrypt at all, as it is included in the DuckDNS Add-On that was designed for Hassio, and you even configure it in the same Options screen.

I believe the issues I was having with SSH and Samba were mostly related to a messed up “known_hosts” file on my Mac. When I deleted that (backed it up), along with re-installing all the add-ons and deleting/re-adding my one port forwarding as well, it seemed to clear up all my problems.

Good luck

Got it. I’ve never seen that post before. It appears those instructions have been superseded (at least for those of us using the Hass.io installation). They certainly provide better detail than the “new instructions”.

From the post you included I followed the first link under DuckDNS (Home-assistant.io guide) and ended up here:


The first thing on that page says, “these instructions are out of date”, and points to a newer blog post:
These talk about a “breakthrough” and the development of an Add-On for Hass.io. The first comment on this blog post mentions port forwarding steps left off the instructions. In the More Information section of the blog post, the third bullet is DuckDNS Add-On, which takes you back to the page I shared above.

So full circle.

Thanks for sharing that source. It cleared up some mysteries for me.

I never followed that guide that is superseded. I followed the very first link “Guide: How to set up DuckDNS, SSL and Chrome Push Notifications”

I am running the RPi all-in-one installer and I set this up a month or so ago and it was the best instructions I found at that point. I’m not using hass.io so it wasn’t auto-installed for me. I also didn’t use the duckDNS part as that is covered already by my router so I only followed on from LetsEncrypt which took what seemed an ETERNITY to install (think hours) but I just let it run and it all worked perfectly with very little grief.

I did the same installation but it still doesn’t work. I mean, I can sometimes access mydomain.duckdns.org inside my network, but not outside. As I said before, I was able to send an IFTTT trigger from my hass.io but can’t receive a webhook.