Can't access HA via SSL anymore

Configuration
1

Hi

I have been running HA with the DuckDNS add-on for about 2 year. I’m currently running…

  • Core - 2024.4.0
  • Supervisor - 2024.04.0
  • Operating System - 12.1
  • Frontend - 20240403.1

This is running in a VM in Oracle Virtual Box on top of Ubuntu.

A few nights ago, my ISP turned off internet access for routine maintenance and since it has come back, I am unable to access HA externally. I am able to access my instance via https://192.168.0.30:8123 and all seems fine.

The DuckDNS add on has the following in the logs:

[17:38:53] INFO: OK
XXX.XX.XX.34

NOCHANGE
[17:43:54] INFO: OK
XXX.XX.XX.34

To me that suggests all is good and it matched my public IP address. I have also done a DNS look up on my DuckDNS sub domain and that seems to resolve to the correct IP. I have also checked the configuration of the plug in and can see in my DuckDNS account the dynamic IP address is being updated and the access token is a match.

My network is an Eero Wifi 6. I have set up the rules set for port forwarding in the app as below…

Screenshot_20240410-194720
Screenshot_20240410-1947201080×2092 105 KB

I suspected this could be an issue with my ISP so I’ve given them a call and they have assured me they dont block any ports inbound to me.

Would really appreciate any help with this as my home is kinda on stop at the moment :frowning:

2

Here’s the full log from DuckDNS add-on

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[19:57:15] INFO: OK
***.**.**.34

NOCHANGE
[19:57:15] INFO: Renew certificate for domains: s*******e.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
Processing s*******e.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Jun  5 15:03:57 2024 GMT (Longer than 30 days). Skipping renew!
3

Did you actually verify your address is the same or you assume the logs say it’s the same?

https://whatsmyip.com/

4

Hi Demusman

Just double checked it and yes the IP address in DuckDNS matches with the website you linked.

Interestingly I’ve asked a friend to try my DuckDNS URL and it just hangs for him - doesn’t say not a valid URL or anything. And if I try https://external_IP_address_here but on a connection outside of my wifi, it just hangs too…

Thanks for the reply :slight_smile:

5

Is there anything in the HA logs about an IP ban perhaps?

6

So I’ve just set up a really simple http server and set port forwarding to that and I cant access that outside my network, so it looks like this might be an issue with my ISP afterall? It’s annoying because they’ve specifically told me nothing has changed.

7

I wonder if they are silently blocking inbound 443 perhaps? Maybe change your external port to 8443 (or something like that) and see if it works? That would def sniff out a silent block on ports 80/443.