Can't get Let's Encrypt working with Hassio

no.
I have solely the mydomain.duckdns.org domain in the base_url. No ‘https’ nor ‘:8123’, which shouldn’t be used.

8123 is forwarded in my router settings

@andyp85 that’s cool, we’ll see in 90 days :wink:

cheers,
Marius

Ok, so without a base_url setting (and specifically one that has “https://”) sounds like you do need 8123 to 8123. Curious where you’re hearing you don’t need 443 to 8123, as that is the only one I have, and seems required for my setup. Can you point to a source, as I’m always trying to understand the port forwarding part of all this.

Mine does not work unless I use https:// and :8123 , so perhaps something in my set up is not quite correct


I am going off the link in my earlier post which claims opening ports is not required >>> https://home-assistant.io/blog/2017/09/27/effortless-encryption-with-lets-encrypt-and-duckdns/

and @VdkaShaker

Just tested, I most certainly do need the 443 forward to 8123 in the router.

Check https://www.youtube.com/watch?v=BIvQ8x_iTNE again, especially the ending about the port forwards.
I know this is not a video about Hassio, so ‘details’ are different. Especially the bit on setting up Duckdns on the Pi… luckily that’s not necessary anymore :wink:

cheers,
Marius

To clarify,

I was referring to the “https://” as part of your base_url, which you don’t use. I agree, you definitely need https:// and :8123 as part of the URL you use in a browser.

To see an example of the base_url setting (if you’re not familiar) it’s referenced in these steps (which I found to be a good outline):

Funny… That blog post is what I find lacking in critical detail. Read the very first comment at the bottom… about port forwarding…

[EDIT: I’ve tried reading these things sooo many times I think my eyes are crossing. I re-read those comments and now see/understand what they’re saying. Maybe I CAN remove my 443 port forwarding, but I need to adjust some other settings. Oh well, more to play with when I get home… ]

There is plenty I don’t understand, but my understanding from that guide I linked to is that you no longer need to open the port for the encryption to work as long as you change accept_terms to true in duck dns. My letsencrypt was due to expire at midnight last night and I made the change before that time. It still seems to be working.

Yes I noticed that comment and mine only works with the :8123 at the end as Paulus mentions.

Thanks I will take a look. Always good to learn

Dear All,

I am having the same issue, can’t start home assistant with Let’s Encrypt. I am actually able to get the certificate.

The following in my Let’s Encrypt log,

"starting version 3.2.4

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /data/letsencrypt/renewal/1234qwer.duckdns.org.conf

Cert not yet due for renewal

The following certs are not due for renewal yet:
/data/letsencrypt/live/1234qwer.duckdns.org/fullchain.pem (skipped)
No renewals were attempted."

I read through the entire thread, tried different combinations of port forwarding, whether it is 433->8123 or 8123->433, cancelled the 80 -> 80, tried with and without https or 8123 in the configuration file, no luck.

http:
  api_password: "1234qwer"
  base_url: https://1234qwer.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

I can restart home assistant only if I delete the bottom 2 lines, the ssl lines. Any help would be appreciated. Thanks.

Try removing https:// from the base_url? You use “https://” when accessing your site, but not in the config file (at least I don’t). At this point you’re just trying to get it to boot up, later you can work on the port forwarding questions, but I just forwarded 8123 to 8123.

Thanks VdkaShaker, tried that before already…

I actually don’t mind not encrypting, but I gathered I must have an SSL certificate and put it in the configuration file to use Google Home (I got the SSL certificate, I just can’t put it in the config file and run); using Google Home voice commands as triggers is my aim.

I also took on the suggestion: remove all port forwarding rules and run on the local network, just to try to get Home Assistant to start with SSL, and then work on the port forwarding after. But no… as long as I don’t remove or hash tag out the ssl lines in the config file, Home Assistant will not start.

what do we think?? thanks all in advance.


I saw somewhere that I had to turn off all other add-ons before using Lets Encrypt, so I re-did my Lets Encrypt, turning off all add-ons including Duck-DNS. I got a new Cert

starting version 3.2.4
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for 1234qwer.duckdns.org
Waiting for verification…
Cleaning up challenges
Non-standard path(s), might not work with crontab installed by your operating system package manager
IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /data/letsencrypt/live/1234qwer.duckdns.org/fullchain.pem
    Your key file has been saved at:
    /data/letsencrypt/live/1234qwer.duckdns.org/privkey.pem
    Your cert will expire on 2018-04-22. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”
  • If you like Certbot, please consider supporting our work by:
    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

I noticed there is a line about non-standard path(s), is that affecting my Home Assistant? I still can’t start it unless I remove the SSL lines.

Should I completely remove my certificate and start over again? I read somewhere that removing a certificate is not wise either… any suggestions what I should do?

Thanks all.
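An added example, not part of the original thread: a pre-flight check for the two files named by ssl_certificate and ssl_key, to run before restarting with the ssl lines enabled. The function name `preflight` is hypothetical, and the check assumes Home Assistant loads the pair the way any Python TLS server does, through the standard library's `load_cert_chain`.

```python
import os
import ssl


def preflight(certfile, keyfile):
    """Return a list of problems that would stop a TLS server loading this pair."""
    problems = []
    checks = (
        ("ssl_certificate", certfile, "-----BEGIN CERTIFICATE-----"),
        ("ssl_key", keyfile, "PRIVATE KEY-----"),
    )
    for label, path, marker in checks:
        if not os.path.isfile(path):
            problems.append(f"{label}: {path} does not exist")
            continue
        if not os.access(path, os.R_OK):
            problems.append(f"{label}: {path} is not readable by this user")
            continue
        with open(path, "r", errors="replace") as fh:
            if marker not in fh.read():
                problems.append(f"{label}: {path} has no PEM block of the expected type")
    if problems:
        return problems
    try:
        # Standard-library call that loads a certificate/key pair into a server
        # context. It raises on malformed PEM data and when the private key
        # does not belong to the certificate.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.load_cert_chain(certfile, keyfile)
    except (ssl.SSLError, OSError) as exc:
        problems.append(f"load_cert_chain failed: {exc}")
    return problems


if __name__ == "__main__":
    # Paths as written in the configuration posted above.
    found = preflight("/ssl/fullchain.pem", "/ssl/privkey.pem")
    for line in found or ["certificate and key load cleanly"]:
        print(line)
```

Run it in the same environment as Home Assistant, since a path such as /ssl/fullchain.pem can resolve differently inside another container.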

which one?

Hi

I have a question… my duckdns runs but my Let’s Encrypt is on stopped.

I do everything until i have to do this: “run crontab -e. Copy the following text and paste it into the bottom of the crontab file. */5 * * * * ~/duckdns/duck.sh >/dev/null 2>&1”

I tried this : https://community.home-assistant.io/t/guide-how-to-set-up-duckdns-ssl-and-chrome-push-notifications/9722 and I also tried it on the duckdns website…

I cannot save it with ctrl+x or ctrl+o … any hints / help ?

Is anyone seeing the below in the log when they start the DuckDNS addon (log at the bottom of the addon)? I’m doing this for the first time and it looks as though “error occurred while sending get-request to http://cert.int-x3.letsencrypt.org/” means I can’t get anywhere.

Please Help!!!

starting version 3.2.2
# INFO: Using main config file /data/workdir/config
+ Account already registered!
Mon Feb  5 00:01:49 AEDT 2018: OK
110.22.26.43
NOCHANGE
# INFO: Using main config file /data/workdir/config
Processing sebhassio.duckdns.org
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for sebhassio.duckdns.org...
 + Already validated!
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
  + ERROR: An error occurred while sending get-request to http://cert.int-x3.letsencrypt.org/ (Status 301)
Details:
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

Yes, I’m encountering that now (first time trying DuckDNS add-on with Let’s encrypt). I believe it is due to the following: https://github.com/lukas2511/dehydrated/commit/7a0e71c6c2ccc6e98abca5ea1c7de28053e90c02 (as mentioned here: https://community.letsencrypt.org/t/dehydrated-caused-rate-limits-to-be-reached/52477).

I’m trying to build the addon myself, with updated URL, to see if that helps.

Update: it seems to be related to dehydrated, I’ve submitted a pull request (https://github.com/home-assistant/hassio-addons/pull/250) which should solve this.

Hi,

I seem to be getting this now on a new install, any way around this?

Same here, and it seems strange to me that no one else has this error

I’m also having problems with connecting externally. The DuckDNS/LetsEncrypt
process appeared to have run correctly but I cannot connect outside my network.

I get a “ERR_CONNECTION_TIMED_OUT” message.

My configuration:
rpi 3 (not B)
Xfinity modem
Linksys router
HASSIO 0.68.1
DuckDNS 3.2.4 (with embedded LetsEncrypt)
Mosquitto 3.2.2
SSH server 3.2.4
Samba share

DuckDNS config:
{
  "lets_encrypt": {
	"accept_terms": true,
	"certfile": "fullchain.pem",
	"keyfile": "privkey.pem"
  },
  "token": "xxxx-xxxx-xxxx-xxxx",
  "domains": [
	"xxxxx.duckdns.org"
  ],
  "seconds": 300
}

I started the DuckDNS service with the above config. Waited until the process
appeared to finish. I don’t remember what I had for port forwarding, if any.

configuration.yaml:
http:
  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem 
  base_url: xxxxx.duckdns.org
  # Secrets are defined in the file secrets.yaml
  api_password: !secret http_password

Updated the configuration.yaml file and restarted HASSIO.

modem port forwarding:
443 -> 443 at router ip

router port forwarding:
443 -> 8123 at rpi ip

I can connect internally using https://hassio.local:8123, SSH and Samba also
still work (with no changes).

When I tried connecting using https://xxxxx.duckdns.org, I got the error
message:
This site can’t be reached
xxxxx.duckdns.org took too long to respond.
ERR_CONNECTION_TIMED_OUT

To verify this was not a certificate error, I used the site:
https://www.geocerts.com/check-ssl-certificate

The site verified my SSL certificates. NOTE: The port forwarding above was
necessary to verify the certificates.

I cannot connect using the external url, nor can I connect using the iOS
home assistant app. It also gives me a “request timed out” error.

Any ideas anyone???
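An added example, not part of the original thread: a small model of the port-forward chains discussed above (443 -> 8123, 8123 -> 8123, modem in front of router) that traces an inbound port hop by hop and reports which external URL form can reach the Home Assistant listener. The function names and all IP addresses are constructed for illustration.

```python
def trace(devices, listener, wan_port):
    """Follow one inbound TCP port through each NAT device, outermost first.

    devices:  list of (name, own_ip, {wan_port: (target_ip, target_port)})
    listener: (ip, port) where Home Assistant actually listens
    Returns (True, path) if the connection ends at the listener,
    otherwise (False, reason).
    """
    port, path = wan_port, []
    for i, (name, _own_ip, rules) in enumerate(devices):
        if port not in rules:
            return False, f"{name} has no forward for port {port}"
        target_ip, target_port = rules[port]
        path.append(f"{name}:{port} -> {target_ip}:{target_port}")
        # Each rule must point at the next device in line, or at the listener.
        expected = devices[i + 1][1] if i + 1 < len(devices) else listener[0]
        if target_ip != expected:
            return False, f"{name} forwards to {target_ip}, next hop is {expected}"
        port = target_port
    if port != listener[1]:
        return False, f"arrives on port {port}, service listens on {listener[1]}"
    return True, path


def usable_urls(domain, devices, listener, ports=(443, 8123)):
    """URL forms that reach the listener; 443 is the https default, so no suffix."""
    urls = []
    for p in ports:
        ok, _ = trace(devices, listener, p)
        if ok:
            urls.append(f"https://{domain}" if p == 443 else f"https://{domain}:{p}")
    return urls


# Constructed addresses; the rules mirror the modem/router setup in the last post.
LISTENER = ("192.168.1.50", 8123)
DOUBLE_NAT = [
    ("modem", "203.0.113.10", {443: ("10.0.0.2", 443)}),
    ("router", "10.0.0.2", {443: ("192.168.1.50", 8123)}),
]
# The single-router variant mentioned earlier in the thread.
SINGLE_8123 = [("router", "203.0.113.10", {8123: ("192.168.1.50", 8123)})]

if __name__ == "__main__":
    print(usable_urls("xxxxx.duckdns.org", DOUBLE_NAT, LISTENER))
    print(usable_urls("xxxxx.duckdns.org", SINGLE_8123, LISTENER))
    print(trace(DOUBLE_NAT, LISTENER, 8123))
```

A chain that traces cleanly only rules out a mismatch between the rules themselves; it says nothing about filtering outside them or about testing from inside the same network.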
