Can't access HTTPS from outside of my LAN

I’ve been using the HTTP config for 9 months with no problems, accessing it from inside and outside my LAN, with a free DNS service, on ports 8123, 8321 (IDE) and 8127 (HADashboard).

3 days ago I switched to the HTTPS config, with the duckdns add-on. In my local LAN I can access https://myhome.duckdns.org perfectly in HTTPS! But with my cellphone (outside my LAN) or at my work it just doesn’t load the page. But the HTTP sites still work (IDE and HADashboard), inside and outside!

My router is redirecting external 443 to internal 8123 port (TCP).

 http:
   api_password: !secret http_password
   base_url: https://myhome.duckdns.org:8123
   ssl_certificate: /ssl/fullchain.pem
   ssl_key: /ssl/privkey.pem

Any guess??

Can you access via the IP address remotely?

Also, did you set Let’s Encrypt accept terms in the duckdns config?

accept_terms is true.
(that was inside my home wifi)

On the router try 443 to 443 and see how that goes. Do you have the log of your Let’s Encrypt? Check this and see if the certificate was successful. Try the 443-443 first though.

First, I uninstalled and reinstalled the duckdns add-on. I removed my domain in duckdns.org and started all over again.
Now, what I got:


I have the HTTPS padlock, but it shows forbidden.


Directly by IP, I got the same error.


Using local IP, all works fine! But with no HTTPS padlock…

Then, I tried again, changing the ports in my router, as you asked. I got the same, but with the new port:

did you change the port forwarding rules as per

OK, it’s solved. My considerations:

  • I needed to uninstall and reinstall the add-on.
  • I also restarted my Raspberry a few times (just restarting HA was not enough).
  • I was banned by Let’s Encrypt, because I generated more than 50 certificates in a week… hahaha. After a week, I got it back.
  • I discovered that my IP was banned by HA (many invalid attempts). I needed to remove my IP from the list.
  • My router does not accept two external ports forwarding to the same internal port (443 to 8123 and 8123 to 8123 at the same time). I can’t change the loopback settings in my router either. I think that is the reason why I could not redirect 443 to 8123.
  • The solution was to use port 8123 externally. External 8123 to internal 8123, using https://myhome.duckdns.org:8123
  • I could not make it work by using the correct HTTP base_url. I used another DNS. It was the only way I could make it work inside and outside my home network!
  • So, I corrected the base_url in TTS, to keep it working

My config:

 http:
   ssl_certificate: "/ssl/fullchain.pem"
   ssl_key: "/ssl/privkey.pem"
   api_password: !secret http_password
   server_port: 8123
   base_url: https://myhome.mooo.com:8123 # Here I put this domain, which redirects to my IP, but with no HTTPS
   ip_ban_enabled: true
   login_attempts_threshold: 10
 
 tts:
   - platform: google
     base_url: https://myhome.duckdns.org:8123 # That's the correct domain that I'm using now!
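
An added example, not part of the original thread and not Home Assistant code: a staged probe to run from outside the LAN that reports the first layer that fails, which separates the symptoms discussed above (page never loads, certificate problem, padlock with "forbidden"). The function name `probe` and the stage labels are assumptions of this example; the host and port in the usage comment are the poster's final setup.

```python
import http.client
import socket
import ssl
import sys


def probe(host, port, timeout=5.0):
    """Return (stage, detail): the first layer that failed, or 'ok'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Nothing answered: missing/wrong port forward, firewall, or DNS.
        return "tcp", str(exc)
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except ssl.SSLCertVerificationError as exc:
        # Expired, untrusted, or issued for a different name than `host`.
        return "cert", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        # Handshake failed for a non-certificate reason (e.g. plain HTTP here).
        return "tls", str(exc)
    try:
        conn = http.client.HTTPSConnection(host, port, timeout=timeout)
        conn.sock = tls  # reuse the socket that was already verified
        conn.request("GET", "/")
        status = conn.getresponse().status
    except (OSError, http.client.HTTPException) as exc:
        return "http", str(exc)
    finally:
        tls.close()
    # TLS is fine; a 403 means the server itself is refusing this client.
    return ("forbidden" if status == 403 else "ok"), f"HTTP {status}"


if __name__ == "__main__":
    # Usage: python probe.py myhome.duckdns.org 8123   (run from outside the LAN)
    host, port = sys.argv[1], int(sys.argv[2])
    print(*probe(host, port), sep=": ")
```

A `tcp` result points at the router's forwarding rule, `cert` at the certificate or the name used to reach the server, and `forbidden` at the server refusing the client after a valid TLS session.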