Deceptive Site Ahead after switching to DuckDNS

The certificate was correctly issued for the Duckdns domain
http://prntscr.com/26jdbvn

The strange thing is that the dashboard homepage will usually load fine. The warning appears when I try to access the configuration page:
https://****.duckdns.org/config/

But again the issue is intermittent. Sometimes it loads fine, and then I get the error after a while.

I was getting this too in the same circumstances and didn’t understand why

How did you fix it?

I never figured it out. I only needed the duckdns long enough to establish the connection to my neato vacuums a few weeks ago and I’ve had no need to use it since. Sorry I don’t have the answer; I was just validating that I encountered the same thing under the same circumstances. Maybe we both will get answers.

Does it let you continue to the site? It is apparently just doing that for anything with a duckdns domain I saw it recently when accessing an ingressed portion of my HA but after bypassing it haven’t seen it since… (but i also often have the same instance of the browser left open)

Yes it does let me continue to the website but it’s annoying. So if I understand correctly, Chrome just marks all duckdns domains as potential phishing. Is there a way I can whitelist this specific domain somewhere in chrome settings?

1 Like

I’m not sure I only had it happen on that one occasion (maybe twice in about 20 minutes) and I happened to be going to a page I don’t normally use (an add-on’s web ui) after dismissing it and continuing I haven’t seen it again. But as I mentioned I’m usually working out of the same browser window all the time when I open my computer

I started getting this today on all my internal sites. It has worked great for years and suddenly everything in my house is deceptive and marked as dangerous. WTH?

I also started having this issue just today, I updated my duckdns adon yesterday. not sure if its related?
please anyone managed to sort this?
my companion app on android samsung phone doesn’t even open

You removed the address in the address bar but not in the page itself in your screenshots :slight_smile:

Yesterday I pasted a password from Chrome’s saved passwords and instantly all of my duckdns self-hosted sites start with the Deceptive site ahead warning.

Interesting though that I have the same page loaded in two tabs now and this is what the address bars look like:

Google recently seem to be blocking our prefixed duckdns addresses as unsafe/dangerous, You can ask google to permit this as safe following a rewiew at Report Incorrect Phishing Warning

Supplying your address.
https://youraddress.duckdns.org/

It’s very annoying but I guess google have had to step up their client protection given the recent cyber defence intitieves instigated from Russia.

1 Like

It’s not just duckdns. I got this for my own domain, and I doesn’t let me through at all.

Fortunately, I have another domain I’m using as backup.

This seem to be affecting the android app too. Get this when I open the app but when i choose to let me to the site anyway the app crashes.

Access through chrome still seems ok for me for now.

1 Like

If you have your own domain, you can create a Google Search Console account, take control of your domain, and report that it is not deceptive. There is also a way to report a false deceptive alert for any domain (don’t have the link handy).

I did both of those and the next day everything was cleared.

Used your links the register my duckdns address and now warning has gone from both chrome and the home assistant app no longer crashes.

Many thanks.

My Nginx Proxy Manager settings seemed to have erased (although public access was still working). However, when I reinstalled the add-on, I am now getting the same ‘Deceptive Site Ahead’ screen when trying to access HA through my duckdns URL.

I dont see how supplying my URL to google’s “report incorrect phishing site” will suddenly resolve it when it was working before? Report Incorrect Phishing Warning

Am I missing something here? I have DuckDNS and Nginx Proxy Manager addons. Let’s Encrypt is set-up through Nginx.

I had the issue with missing settings too. After a while of troubleshooting, I found that I had created hosts and certificates with a user account that I removed later, which “broke” the DB relations. Eventually I was able to work around this by reactivating the account directly in the DB using the MySQL PlugIn. I also believe that I later changed the owner in the DB to my new account and could safely disable the “obsolete” account.

I’ve had this today as well. It started as I was setting up Alexa Media Player. I think the trigger was the callback url that is used for Amazon login. But that’s just a hunch.
I’ve requested delisting. we’ll see…

1 Like

:open_mouth: :open_mouth:Same exact thing here. Always worked since a year and, after setting up Alexa media player integration yesterday, every browser started to say that my domain may be deceptive. Apparently the “domain name and the input do not match”.
God it is so frustrating to set up things just following tutorials and without knowing what you’re doing, but why should the integration affect the certificates?