Can't get Let's Encrypt working with Hassio

DuckDNS per se only provides a DNS name for your public IP; that is, it translates it into something more easily human-readable.

You need to set up port forwarding on your router to your HA IP address and port 8123.

Up to this point all is going well (I've been able to do so from the external setup at Duckdns.org).

You'll need the extra service to encrypt the traffic to and from your HA. And then things fail. Whatever I try here, nothing works. Yet.


Just read that I might have been doubling services. I've been trying to enable both DuckDNS and Let's Encrypt in the Hassio interface, while the separate Let's Encrypt object is designed for DNS services other than DuckDNS.

The DuckDNS object should be able to do it all.

I've been able to find both certificates in the ssl folder, which I hadn't activated in my Mac/Finder before… Something's working after all!

Hope to be on track for some serious ssl’ing :wink:

Cheers,
Marius


Sounds like you got it working! Congrats. Yes, I tried to indicate in my first post here that the DuckDNS add-on for Hass.io has a built-in Let's Encrypt component, but it's subtle and easy to miss.

I’m still trying to fix my Samba and SSH access… Not sure how I mucked that up by enabling this add-on. :frowning:

Samba and SSH working here :wink:
DuckDNS was already working before I installed the Hassio component.

No SSL though. Maybe I ought to let the DuckDNS Hassio component handle registering the domain too and build everything from there?
We’ll try that next.

Cheers
Marius

This is what the Hassio DuckDNS/Let's Encrypt add-on has in its logs in my setup:

starting version 3.2.2
ERROR: Lock file ‘/data/workdir/lock’ present, aborting.

What would that mean, and how do I solve it…?
Marius


A lot of my friends are having problems with DuckDNS. I keep telling them to use No-IP instead, since No-IP is comparable to most routers' DNS settings. But… do what you want.

Just as a final report, I've made it successfully to the end :wink:
DuckDNS, Let's Encrypt certificates, SSL and MQTT are working just fine now. The error message above came from another hiccup in the setup (I suspect CPU speed to be the culprit).

cheers and thanks for helping me.
Marius

Since updating my DuckDNS add-on to version 1.0 and changing 'accept_terms' to 'true', I was able to remove my port forward for 443. I had to keep the 8123 internal to 8123 external forward, even though the instructions I have read said no port forwarding is required anymore. This is the link to the page I read regarding this. It may help some who may not have seen it >>> https://home-assistant.io/blog/2017/09/27/effortless-encryption-with-lets-encrypt-and-duckdns/

That's fine indeed, though it didn't go as smoothly as described here…

I wonder if said settings take care of the certificate renewal every 90 days too. Apparently those port forwards were necessary for sending over the certificates. If you stop forwarding, that might interfere with the renewal, I fear.

Maybe @balloob and #pascalvizeli could chime in to confirm?

Cheers,
Marius

BTW, while you're at it, any experience with the Nginx add-on? Would we still need that?
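Editorial note, added to this thread and not written by any of the participants nor taken from the DuckDNS add-on: the renewal question raised above can be answered by looking at the certificate instead of waiting 90 days. The script below is a stdlib-only Python check that reads the chain the add-on writes (the /ssl/fullchain.pem path is the one from the http config posted later in this thread), walks the DER encoding of the first certificate as far as its Validity field, and reports how many days remain before notAfter. The sample PEM at the bottom is constructed for offline use: a minimal certificate-shaped DER skeleton containing only the fields the parser walks, not a real or signed certificate.

```python
"""Days of validity left on the Let's Encrypt chain the DuckDNS add-on writes to /ssl.

Added example, not from the thread or the add-on. Stdlib only: walks the DER of the
first certificate in the PEM file as far as the Validity field and returns the number
of days until notAfter. A result under RENEW_WARN_DAYS means renewal did not happen.
"""
import base64
import re
import sys
from datetime import datetime, timedelta, timezone

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
RENEW_WARN_DAYS = 30   # Let's Encrypt clients normally renew with 30 days remaining


def _read_tlv(buf, pos):
    """Decode one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _parse_time(tag, value):
    """UTCTime (0x17, two-digit year) or GeneralizedTime (0x18) to an aware datetime."""
    fmt = {0x17: "%y%m%d%H%M%SZ", 0x18: "%Y%m%d%H%M%SZ"}.get(tag)
    if fmt is None:
        raise ValueError("unexpected time tag 0x%02x" % tag)
    return datetime.strptime(value.decode("ascii"), fmt).replace(tzinfo=timezone.utc)


def cert_validity(pem_bytes):
    """Return (notBefore, notAfter) of the first certificate in a PEM chain."""
    m = PEM_RE.search(pem_bytes)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode(b"".join(m.group(1).split()))
    _, cert, _ = _read_tlv(der, 0)               # Certificate ::= SEQUENCE
    _, tbs, _ = _read_tlv(cert, 0)               # tbsCertificate ::= SEQUENCE
    tag, _, pos = _read_tlv(tbs, 0)              # [0] EXPLICIT version, absent in v1 certs
    if tag != 0xA0:
        pos = 0                                  # no version field: re-read from the start
    _, _, pos = _read_tlv(tbs, pos)              # serialNumber INTEGER
    _, _, pos = _read_tlv(tbs, pos)              # signature AlgorithmIdentifier
    _, _, pos = _read_tlv(tbs, pos)              # issuer Name
    _, validity, _ = _read_tlv(tbs, pos)         # validity SEQUENCE { notBefore, notAfter }
    t1, nb, pos = _read_tlv(validity, 0)
    t2, na, _ = _read_tlv(validity, pos)
    return _parse_time(t1, nb), _parse_time(t2, na)


def days_left(pem_bytes, now=None):
    """Whole days until the first certificate's notAfter (negative once expired)."""
    now = now or datetime.now(timezone.utc)
    return (cert_validity(pem_bytes)[1] - now).days


# ---- constructed sample so the check runs offline (NOT a real certificate) ----
def _tlv(tag, value):
    """Encode one DER tag/length/value (inverse of _read_tlv)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def make_sample_pem(not_before, not_after):
    """Minimal DER skeleton with only the fields cert_validity walks, wrapped as PEM."""
    def utc(d):
        return _tlv(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    tbs = (_tlv(0xA0, _tlv(0x02, b"\x02"))                                      # version v3
           + _tlv(0x02, b"\x01")                                                 # serial 1
           + _tlv(0x30, _tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))     # sha256WithRSA OID
           + _tlv(0x30, b"")                                                     # empty issuer Name
           + _tlv(0x30, utc(not_before) + utc(not_after)))                       # validity
    der = _tlv(0x30, _tlv(0x30, tbs))
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der) + b"-----END CERTIFICATE-----\n"


SAMPLE_ISSUED = datetime(2017, 10, 1, tzinfo=timezone.utc)   # constructed issue date
SAMPLE_PEM = make_sample_pem(SAMPLE_ISSUED, SAMPLE_ISSUED + timedelta(days=90))  # 90-day lifetime

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/ssl/fullchain.pem"
    with open(path, "rb") as f:
        left = days_left(f.read())
    status = "OK" if left > RENEW_WARN_DAYS else "RENEWAL OVERDUE"
    print("%s: %d days left (%s)" % (path, left, status))
```

Run it from the Hassio SSH add-on as `python3 certdays.py /ssl/fullchain.pem` (file name assumed) a few days after the certificate's 60-day mark; if the number keeps falling below 30, the renewal is not running and the port-forwarding or accept_terms setup is the place to look.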

Curious about your setup. I read on some other thread that if you did not put “https://” as part of your base_url in configuration.yaml you had to put 8123 to 8123 port forwarding. Did you happen to use “https://” in your base_url?

Changing the accept_terms to true in the duckdns settings should handle the certificate side of things according to the guidance.

My configuration.yaml just contains the same as below:

http:
  ssl_certificate: /ssl/fullchain.pem   # chain written to the ssl folder by the DuckDNS add-on
  ssl_key: /ssl/privkey.pem             # matching private key from the same folder
  api_password: xxxxxxxxxx

I do have the 8123 to 8123 port forwarding, as it would not work when I tried it without. I was able to remove the 443 forward I had previously had in place, which should not be needed anymore from what I understand.

No.
I have solely the mydomain.duckdns.org domain in the base_url: no 'https' nor ':8123', which shouldn't be used.

8123 is forwarded in my router settings.

@andyp85 that's cool, we'll see in 90 days :wink:

cheers,
Marius

OK, so without a base_url setting (and specifically one that has "https://") it sounds like you do need 8123 to 8123. Curious where you're hearing you don't need 443 to 8123, as that is the only one I have, and it seems required for my setup. Can you point to a source, as I'm always trying to understand the port forwarding part of all this.

Mine does not work unless I use https:// and :8123, so perhaps something in my setup is not quite correct.


I am going off the link in my earlier post which claims opening ports is not required >>> https://home-assistant.io/blog/2017/09/27/effortless-encryption-with-lets-encrypt-and-duckdns/

and @VdkaShaker

Just tested: I most certainly do need the 443 forward to 8123 in the router.

Check https://www.youtube.com/watch?v=BIvQ8x_iTNE again, especially the ending about the port forwards.
I know this is not a video about Hassio, so 'details' are different. Especially the bit on setting up DuckDNS on the Pi… luckily that's not necessary anymore :wink:

cheers,
Marius

To clarify,

I was referring to the "https://" as part of your base_url, which you don't use. I agree, you definitely need https:// and :8123 as part of the URL you use in a browser.

To see an example of the base_url setting (if you're not familiar), it's referenced in these steps (which I found to be a good outline):

Funny… That blog post is what I find lacking in critical detail. Read the very first comment at the bottom… about port forwarding…

[EDIT: I’ve tried reading these things sooo many times I think my eyes are crossing. I re-read those comments and now see/understand what they’re saying. Maybe I CAN remove my 443 port forwarding, but I need to adjust some other settings. Oh well, more to play with when I get home… ]

There is plenty I don't understand, but my understanding from that guide I linked to is that you no longer need to open the port for the encryption to work as long as you change accept_terms to true in DuckDNS. My Let's Encrypt certificate was due to expire at midnight last night and I made the change before that time. It still seems to be working.

Yes I noticed that comment and mine only works with the :8123 at the end as Paulus mentions.

Thanks, I will take a look. Always good to learn.