Duck DNS setup issues

Hi all,

I’ve been trying for many hours to set up DuckDNS on my RPi3 running Hass.io and have not been successful in doing so. Here is my current state:

  • RPi3 with Hass.io 0.69.1 installed
  • Samba share add-on successfully installed and active
  • SSH Server add-on successfully installed and active
  • Duck DNS add-on installed but not working
  • Duck DNS account created, subdomain chosen and token generated

Here is my current Duck DNS config:

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "x-x-x-x-x",
  "domains": [
    "mydomain.duckdns.org"
  ],
  "seconds": 300
}

Here is my configuration.yaml:

homeassistant:
  # Name of the location where Home Assistant is running
  name: Home
  # Location required to calculate the time the sun rises and sets
  latitude: 0
  longitude: 0
  # Impacts weather/sunrise data (altitude above sea level in meters)
  elevation: 0
  # metric for Metric, imperial for Imperial
  unit_system: imperial
  # Pick yours from here: http://en.wikipedia.org/wiki/List_of_tz_database_time_zones
  time_zone: *
  # Customization file
  customize: !include customize.yaml

# Show links to resources in log and frontend
introduction:

# Enables the frontend
frontend:

# Enables configuration UI
config:

http:
  # Secrets are defined in the file secrets.yaml
  api_password: !secret http_password
  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
  base_url: https://mydomain.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

# Checks for available updates
# Note: This component will send some information about your system to
# the developers to assist with development of Home Assistant.
# For more information, please see:
# https://home-assistant.io/blog/2016/10/25/explaining-the-updater/
updater:
  # Optional, allows Home Assistant developers to focus on popular components.
  # include_used_components: true

# Discover some devices automatically
discovery:

# Allows you to issue voice commands from the frontend in enabled browsers
conversation:

# Enables support for tracking state changes over time
history:

# View all events in a logbook
logbook:

# Enables a map showing the location of tracked devices
map:

# Track the sun
sun:

# Weather prediction
sensor:
  - platform: yr

# Text to speech
tts:
  - platform: google

# Cloud
cloud:

group: !include groups.yaml
automation: !include automations.yaml
script: !include scripts.yaml

# Z-Wave
zwave:
  usb_path: /dev/ttyACM0

Contents of SSL directory:

core-ssh:~# ls -l /ssl
total 12
-rw-------    1 root     root          5861 May 19 19:35 fullchain.pem
-rw-------    1 root     root          3243 May 19 19:35 privkey.pem

Unsuccessful ping to Duck DNS:

XX:~ XX$ ping https://mydomain.duckdns.org/
PING https://mydomain.duckdns.org/ (**some IP address here, not mine**): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
Request timeout for icmp_seq 6
Request timeout for icmp_seq 7
^C
--- https://mydomain.duckdns.org/ ping statistics ---
9 packets transmitted, 0 packets received, 100.0% packet loss

Unsuccessful ping to my address assigned from my ISP:

XX:~ XX$ ping XXX.XXX.XXX.XXX
PING XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
^C
--- XXX.XXX.XXX.XXX ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss

In my router, I have the following configured:

  • RPi3 to static LAN IP
  • Port Forwarding External 443 to 8132 for RPi3 IP

I am able to log in locally over https, but receive a notice about an invalid certificate (but I can see the certified cert for mydomain):

Log from Duck DNS startup:

starting version 3.2.4
# INFO: Using main config file /data/workdir/config
+ Account already registered!
Sat May 19 22:57:17 CDT 2018: OK
XXX.XXX.XXX.XXX
NOCHANGE
# INFO: Using main config file /data/workdir/config
Processing mydomain.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Aug 17 23:35:30 2018 GMT (Longer than 30 days). Skipping renew!
Sat May 19 23:02:21 CDT 2018: OK
XXX.XXX.XXX.XXX
NOCHANGE
Sat May 19 23:07:22 CDT 2018: OK
XXX.XXX.XXX.XXX
NOCHANGE
Sat May 19 23:12:22 CDT 2018: OK
XXX.XXX.XXX.XXX
NOCHANGE
Sat May 19 23:17:23 CDT 2018: OK
XXX.XXX.XXX.XXX
NOCHANGE

I feel like I’m close, but probably have just one or two things misconfigured. If anyone has suggestions or an idea of what may be wrong, please let me know!

Thanks

Try removing https:// from the base url

base_url: mydomain.duckdns.org

It’s the only difference I can see to my working config.

Also did you restart HA after changing the configuration.yaml file?

Hi @tom_l, I made the changes you suggested but got the same result. I have been making sure to restart my Pi after any change to a configuration file.

And just to be clear, my issue is that I can access the frontend locally (albeit with a certificate warning), but not from an external network. I’m beginning to wonder if the issue lies with my router configuration, because it appears I’m unable to ping my IP address. Aside from the port forwarding, I’m not sure what other issues there may be though.

Strange. Your configuration all looks good. And by the sounds of it you have your router configured correctly.

I just had a thought. Your ISP doesn’t use CGNAT does it?

If so duckdns won’t work unless you request they move you to a normal dynamic WAN IP address.

One way to check is to look at the WAN IP address in your router and compare it to the current IP address on the duckdns website for your domain.
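The comparison described above, as an added example that is not part of the original post: it reads the address Duck DNS last recorded from an add-on log in the format shown earlier in the thread and compares it with the router's WAN address. The function names, verdict strings and sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Address blocks that a port forward on the home router cannot expose.
CGNAT = ipaddress.ip_network("100.64.0.0/10")      # RFC 6598 carrier-grade NAT
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def last_duckdns_ip(log_text):
    """Return the last IP address the Duck DNS add-on log reports, or None."""
    found = None
    for line in log_text.splitlines():
        try:
            found = ipaddress.ip_address(line.strip())
        except ValueError:
            continue  # timestamps, NOCHANGE, certificate messages
    return found


def diagnose(router_wan, log_text):
    """Classify the WAN side (hypothetical helper; verdict strings are ours)."""
    wan = ipaddress.ip_address(router_wan)
    seen = last_duckdns_ip(log_text)
    if wan in CGNAT:
        return "cgnat"            # ISP shares one public address among customers
    if any(wan in net for net in RFC1918):
        return "double-nat"       # another router sits in front of this one
    if seen is None:
        return "no-update-in-log"
    if wan != seen:
        return "mismatch"         # Duck DNS points somewhere other than the router
    return "direct"


# Constructed log in the add-on's format; 203.0.113.7 is a documentation address.
SAMPLE_LOG = """\
Sat May 19 23:12:22 CDT 2018: OK
203.0.113.7
NOCHANGE
Sat May 19 23:17:23 CDT 2018: OK
203.0.113.7
NOCHANGE
"""

if __name__ == "__main__":
    for wan in ("203.0.113.7", "100.72.14.3", "192.168.1.2", "198.51.100.9"):
        print(wan, "->", diagnose(wan, SAMPLE_LOG))
```

A `cgnat` or `double-nat` verdict means inbound connections never reach the router's port-forward rule; `direct` moves the search to the forward rule itself or to missing NAT loopback.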

Presume this is a typo as port is 8123.

I added port forward 8123 to 8123 to Rpi3 IP. Also in my config base url is https://myduckdns:8123

Then log in is via base url including the port on the end

@tom_l, I was not familiar with CGNAT, but based on the test you outlined, my ISP does NOT use CGNAT.

@EGO01, yes that was a typo. I am forwarding to port 8123. I adjusted the base_url to what you suggested but did not see any changes.

You mentioned forwarding 443 to 8123 but not 8123 to 8123 so wasn’t sure you had done that as well

I think I misread your first post. I do NOT have forwarding from 8123 to 8123. My router does not allow me to do both 443 to 8123 and 8123 to 8123 simultaneously. Do you have both rules, or just one?

I have both.

I only have 443 to 8123 (TCP) forwarding set up and it works.

So duckdns has the correct WAN IP of your router. Your router is set up to forward the correct port to the correct IP address on your LAN. It looks like you have the correct http: settings in your configuration.yaml file. Your duckdns config looks correct. I’m at a loss as to why it is not working.

Things that may help with your testing:
I can ping my duckdns address (without https:// at the front, i.e. just ping mydomain.duckdns.org) from inside my LAN and I can get to the duckdns address in a browser from within my LAN or externally.
I had to add a security exception to my browser (FireFox) to see home assistant on the local https address because the security certificate it uses is for the duckdns address.

Yea I’m not quite sure what the problem is either. When I run:

ping mydomain.duckdns.org

It correctly resolves to my IP address, however all of the icmp requests timeout. I’m not sure if they are supposed to time out or not. I’ve also noticed my internet speeds slowing after enabling DuckDNS, although that could just be coincidental and not related at all.

I’m using a “ZyXEL C2100X” modem/router if it helps.

One thing that I did just notice, when I run an ifconfig from my ssh session (into the RPi3), I get the following output:

core-ssh:~# ifconfig
eth0      Link encap:Ethernet  HWaddr * 
          inet addr:172.30.33.0  Bcast:0.0.0.0  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:146 errors:0 dropped:0 overruns:0 frame:0
          TX packets:53 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:19392 (18.9 KiB)  TX bytes:8503 (8.3 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

The intriguing part to me is inet addr:172.30.33.0. I have statically assigned its LAN IP to 192.168.0.254. Is there a reason why these would be different? I can only access the HaSS front end from the statically assigned IP though, not the one seen from ifconfig.

That’s the address of the Hassio docker container private network. Perfectly normal. It freaked me out when I noticed it in my mqtt logs.


Hi everyone. I made quite a bit of progress today and have some good updates to share.

It appears the root of most of my problems was that my router does not support loopback. Most of my testing that I was doing was from inside my network, so I was never able to get to my external IP.

At some point, I decided to start over from scratch and look at this tutorial. I didn’t discover the loopback issue until partway through (at step 2), so some of my previous configurations may have actually been correct. Here are my modifications to the above link:

  • Step 3: I did not add anything to my configuration.yaml file. I believe that configuration is for the Duck DNS component, while I am using the Duck DNS add-on. I’m not sure if the Duck DNS component is actually required.
  • Step 4: I pretty much completely replaced this step with the tutorial for the Duck DNS add-on
  • Step 5: For some reason I still have to specify the port when connecting from an external network (e.g. https://mydomain.duckdns.org:8123)
  • Step 6: I only have one rule, forward port 443 to 8123
  • Step 7-9: I believe the Duck DNS add-on now takes care of these steps. Please correct me if I’m wrong

If anyone sees a way for me to resolve step 5, that’d be neat, but at this point I’m ready to live with just having to specify the port number (it will be a bookmark anyway).

So if anyone is looking for working config files, I believe the ones in my original post were accurate and working (minus the caveat listed above).


Well, looks like I sounded the victory horn a little early. In my excitement, what I failed to do before posting this last night, was actually put in my password. Whenever I put in my password from an external network, the webpage just sits there spinning “Connecting” forever, and never actually connects. Any ideas anyone?

Drop the port number and try to reach it from outside your LAN (e.g. turn off wireless on your mobile).

That was the test I already performed. From an external network (cell phone, not using WiFi), go to https://mydomain.duckdns.org. If I specify Port 8123 I am greeted with the login page (never connects after putting in credentials though). If I do not specify the port it just times out.

Put the http: configuration.yaml information back. Restart HA and try again.

That tutorial you mentioned is not for Hassio and will cause you problems.

Hey guys, so I spent some time the last few days starting over from the beginning, and trying to be very thorough and document my entire process. I have not succeeded yet, but I believe I am getting closer and now have a much narrower view of the problem. Here is a list of the steps I’ve taken (planning to post them at some point if I ever succeed).

  1. Restore modem to default
  2. Restore Pi3 SD to hio 0.69.1
  3. Verify hassio.local:8123 works
  4. Snapshot
  5. Assign Pi3 static IP address in router/reboot router
  6. Install SSH server
  7. Setup and verify SSH connection with laptop
  8. Snapshot
  9. Setup basic “homeassistant” info and http pw in configuration.yaml
  10. Enable port forwarding of 8123:8123 to Pi3, restart router
  11. Verify internet works, SSH works, hassio.local:8123 works
  12. Find IP address via https://whatismyipaddress.com/
  13. Navigate to http://...:8123 with the IP address found in previous step
  • If you can’t access via your home network, loopback may not be supported. Try from
    a completely external network, such as your cellphone without WiFi on.
  • Use hassio.local:8123 on local network if loopback is not supported
  • Make sure to attempt to login with your http password set previously
  14. Snapshot
  15. Create DuckDNS account
  16. Create subdomain of your choosing, we will use mydomain.duckdns.org
  17. ping mydomain.duckdns.org
  • I used the PingTools Android app because my network does not support loopback
  • ping terminal command will work fine if you have a home network with loopback
  18. Navigate to http://mydomain.duckdns.org:8123 and verify it loads and you can sign in
  19. Install DuckDNS add-on on hassio
  20. Setup and save DuckDNS config file with info from DuckDNS account. Mine looks like:
{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "x-x-x-x-x",
  "domains": [
    "mydomain.duckdns.org"
  ],
  "seconds": 300
}
  21. Restart hassio (Hamburger button->Configuration->General->Restart)
  22. Make sure everything went OK in the duckDNS log (Hamburger->Hass.io->Dashboard->DuckDNS)
  • One time Duck DNS did not start for me, and no log was present - not sure what happened
  • Another time the challenge failed for some reason
  • Getting everything setup can take a few minutes, maybe a good time for a break :slight_smile:
  • Keep trying until you see a successful log, such as this one:
starting version 3.2.4
# INFO: Using main config file /data/workdir/config
+ Generating account key...
+ Registering account key with ACME server...
+ Done!
# INFO: Using main config file /data/workdir/config
 + Creating chain cache directory /data/workdir/chains
Processing mydomain.duckdns.org
 + Creating new directory /data/letsencrypt/mydomain.duckdns.org ...
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for mydomain.duckdns.org
 + 1 pending challenge(s)
 + Deploying challenge tokens...
OK + Responding to challenge for mydomain.duckdns.org authorization...
OK + Challenge is valid!
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
 + Walking chain...
 + Done!
  23. Verify http://mydomain.duckdns.org:8123 still works
  24. Snapshot
  25. Modify configuration.yaml by adding in http info. I’ve tried both supplying https://
    and leaving it out and have had similar results.
http:
  # Secrets are defined in the file secrets.yaml
  api_password: !secret http_password
  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
  base_url: https://mydomain.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem  
  26. Restart hassio
  27. Check local access first for sanity (https://hassio.local:8123 and https://hassio.local - I know, the correct URL at this point should be the first one, but tried both just for fun I guess).
  • DOES NOT WORK. homeassistant frontend never loads all the way.
    See weird log file, note that https://hassio.local:8123 does not work! If I comment
    out the SSL parameters, I can access the local front end over http just fine.
  • I’m not able to get Duck DNS log, either I’m using hassio cli wrong or some other issue:
core-ssh:~# hassio ad list |grep Duck
                "name": "Duck DNS",
core-ssh:~# hassio -d ad logs -name "Duck DNS"
DEBUG [addons]: action->'logs', endpoint='Duck DNS/logs', serverOverride->'', GET->'true', options->'', rawjson->'false', filter->''
DEBUG [ExecCommand]: basepath->'addons', endpoint->'Duck DNS/logs', serverOverride->'', get->'true', Options->'', Filter->'', RawJSON->'false'
DEBUG [GenerateURI]: basepath->'addons', endpoint->'Duck DNS/logs', serverOverride->''
DEBUG [RestCall]: data->'http://hassio/addons/Duck DNS/logs', GET->'true', payload->''
DEBUG [RestCall]: ResponseBody->'Addon not exists'
Error decoding json invalid character 'A' looking for beginning of value: Addon not existscore-ssh:~# 
  • “weird” log:
2018-05-22 23:33:42 ERROR (SyncWorker_8) [homeassistant.core] Error doing job: Task was destroyed but it is pending!
2018-05-22 23:43:58 ERROR (zeroconf-ServiceBrowser__tivo-remote._tcp.local.) [homeassistant.core] Error doing job: Task was destroyed but it is pending!
2018-05-22 23:43:58 ERROR (zeroconf-ServiceBrowser__tivo-remote._tcp.local.) [homeassistant.core] Error doing job: Task was destroyed but it is pending!
2018-05-22 23:43:58 ERROR (zeroconf-ServiceBrowser__tivo-remote._tcp.local.) [homeassistant.core] Error doing job: Task was destroyed but it is pending!
2018-05-22 23:43:58 ERROR (zeroconf-ServiceBrowser__tivo-remote._tcp.local.) [homeassistant.core] Error doing job: Task was destroyed but it is pending!
2018-05-22 23:43:58 ERROR (zeroconf-ServiceBrowser__tivo-remote._tcp.local.) [homeassistant.core] Error doing job: Task was destroyed but it is pending!
2018-05-22 23:43:58 ERROR (zeroconf-ServiceBrowser__tivo-remote._tcp.local.) [homeassistant.core] Error doing job: Task was destroyed but it is pending!
2018-05-22 23:43:58 ERROR (zeroconf-ServiceBrowser__tivo-remote._tcp.local.) [homeassistant.core] Error doing job: Task was destroyed but it is pending!
2018-05-22 23:43:58 ERROR (zeroconf-ServiceBrowser__tivo-remote._tcp.local.) [homeassistant.core] Error doing job: Task was destroyed but it is pending!
2018-05-22 23:43:58 ERROR (zeroconf-ServiceBrowser__tivo-remote._tcp.local.) [homeassistant.core] Error doing job: Task was destroyed but it is pending!
2018-05-22 23:43:58 ERROR (zeroconf-ServiceBrowser__tivo-remote._tcp.local.) [homeassistant.core] Error doing job: Task was destroyed but it is pending!

So I definitely think my issue is somewhere along the lines of SSL certs and Duck DNS breaking. I’m beginning to wonder if this issue is related at all:

I may post this topic to the GitHub as well to see if anyone there knows what to do.

base_url: https://mydomain.duckdns.org

should be
base_url: mydomain.duckdns.org:8123

If you want to find
https://mydomain.duckdns.org:8123
on your local WiFi you will need the add-on DNSmasq

https://mydomain.duckdns.org:8123
should work over a cellular data connection.
Good Luck