DuckDNS AddOn / Remote https access - doesn't work

doubledutch · September 30, 2020, 7:55pm

I’ve been trying to get this to work for 2 days now and I can’t get there. Let me try to give as much information as possible. I have:

HASSIO on a QNAP, Unbunty 18.04 lts virtual machine. Local access, without http works fine on port 8123
Created a DuckDNS account and registered a domain. Lets call that: mydomain.duckdns.org
Installed the DuckDNS AddOn in HA and configured the following config file:

lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: dummy-a027-4fd1-ad88-4f132ac3e798
domains:
  - mydomain.duckdns.org
aliases: []

When starting the AddOn the log reads:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] done.
[services.d] starting services
[services.d] done.
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[20:09:52] INFO: OK
195.213.125.199
NOCHANGE
# INFO: Using main config file /data/workdir/config
Processing doubledutch.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Dec 28 19:52:33 2020 GMT Certificate will not expire
(Longer than 30 days). Skipping renew!
seconds: 300

Configured two port redirects on my router: 443 and 8123 both redirect to my VM IP address to port 8123
HA->Configuration->General: External URL is set to: https://mydomain.duckdns.org
I have made NO CHANGES to the configuration.yaml file NOR have I installed any other tools such as credbot on my server. Everything is “vanilla”

The results:

When I visit: https://mydomain.duckdns.org or https://mydomain.duckdns.org:8123 the browser (Chrome) shows: "mydomain.duckdns.org sent an invalid response.
The HA Logs show a longer message which includes “aiohttp.http_exceptions.BadStatusLine: invalid HTTP method” - It does this consistently everytime I try to connnect so I assume from that, that the request does make it through my router, port redirect to the virtual machine
When I use nmap -p 8123 localhost, the result includes: 8123/tcp open polipo (I mention this as some posts have suggested there should be a hassio reference there - not sure what polipo is)

I’ve looked at about 100 different forum posts and I can’t figure out what’s going on so I would really appreciate some guidance as without this, I can’t get my smartthings integration to work.

doubledutch · September 30, 2020, 8:25pm

Thank you. The way I understood it, the DuckDNS AddOn includes : lets_encrypt (see config file above) and if you look at the log files above, it includes reference to certificates downloaded from lets_encrypt which are both (fullchain.pem and privkey.pem) installed in the ssl folder.

Is that not enough or have I misunderstood this?

aceindy · September 30, 2020, 8:28pm

I withdrew my answer as I did not read it mainly concerns the duckdns addon.
I don’t use it, so i do not know the answer
(i use my own dns and certbot to generate my certificates

Hellis81 · September 30, 2020, 8:37pm

So… if I understand correctly you did not do any changes to configuration.yaml.
You must include the http: in configuration.yaml.

This is my config. Sorry for I being an image but it’s just impossible to copy from the app.

And yes, base_url is commented out. Apparently it’s not needed.
It makes it possible to connect to IP directly also without having certificate errors.
YMMV.

aceindy · September 30, 2020, 8:50pm

That is what i figured too (same cofig here)

i just wasn’t sure abt duckdns addon

Tediore · September 30, 2020, 11:01pm

Did you restart home assistant after adding that to your config?

doubledutch · October 1, 2020, 8:16am

@Hellis81/@aceindy: that was the solution! These two lines were missing from the configuration.yaml file! I was under the assumption that having installed the AddOn, given that the DuckDNS logs is clear about locating the certificates and the fact that things like base_url were no longer required in the http section of configuration.yaml: the AddOn would do all the work telling HA where those certificates are. Clearly: that’s not the case (I would probably suggest that whoever maintains the doc for this AddOn adds this to the text).

My problem was made worse by the fact that I installed the Visual Studio Code plugin which, through the WebUI, frequently decides not to save changes. After you made the above suggestion, I used VSC to make these changes, restarted HA and it still didn’t work. When I finally found the file on my file system, I noticed that the http: section wasn’t there so VSC didn’t save it. Edited using vi, restarted and it worked.

I tried adding this http section using VSC many times over the last few days and I always assumed that HA that section because the options were no longer valid. That was wrong. VSC doesn’t seem to have saved them in the first place.

We live and learn. Thanks all for your help. Up to the next challenge.