Cannot connect via https only http with DuckDNS

insomniac-ai · July 15, 2022, 2:46pm

I set up HA with a mysubdomain.duckdns.org but no matter what I do, I cannot connect to it via https: only http.

In my router, I have ports 443 and 8123 direct to my Raspberry Pi 4. My router is a Netgear 6700.

Here is the configuration for my DuckDNS in HA:

domains:
  - [mydomain].duckdns.org
token: [my token]
aliases: []
lets_encrypt:
  accept_terms: true
  algo: secp384r1
  certfile: fullchain.pem
  keyfile: privkey.pem
seconds: 300

I’m not sure what the next step is. Any help is appreciated.

Thank you!

jim_os · July 15, 2022, 3:29pm

The configuration is correct so far. What’s in the DuckDNS add-on log?

Have you done a test with an online port scanner to see if the ports on the router are displayed as open?

insomniac-ai · July 15, 2022, 5:13pm

The DuckDNS log says:

[13:00:42] INFO: OK
ipaddress
NOCHANGE
[13:05:43] INFO: OK
ipaddress
NOCHANGE

and so on.

According to the port scanner 8123 is forwarded correctly but 443 is not. I have consulted every forum that I could find regarding forwarding of 443 but it seems that it’s blocked by my ISP (Spectrum / Charter).

jim_os · July 15, 2022, 5:42pm

Ok that would be rather unusual but who knows. Unfortunately I can’t help you with that. Maybe check the port forwarding again on the Netgear Router …

stomko · July 16, 2022, 4:58am

How does your nginx or configuration.yaml looks like?
Here you just created certificate and dns record, but you need to tell HA to use it.
Either in configuration.yaml only (then http would not work at all, regardless if from inside or outside, and you would have trusted cert warnings unless you have dns record on your local network for duckdns domain) or in nginx config + configuration.yaml where you define that internal is http, external would be https.

jim_os · July 16, 2022, 6:07am

The online port scanner says that port 443 is not open. → If port 443 is not open, none of this (nginx, duckdns, configuration.yaml) matters.

stomko · July 16, 2022, 8:31am

But if you do port forward, it needs to be forwarded to something that listens on port 443 to say it is opened.
If your HA listens on 8123, forward (if your router allows you to set different outside/inside ports) 443 to 8123 locally. It should say it is open but it will still be just plain http, not https.

jim_os · July 16, 2022, 9:12am

Oops you are right. Sorry.

@ insomniac-ai
Do you (also) use the Nginx Proxy Manager Add-on?

insomniac-ai · July 19, 2022, 9:45pm

I did not but I added it and everything works now! Thank you!