DuckDNS and expired certificates - "The date of the home assistant certificate is invalid, please review the home assistant certificate..."

I’m leaving this here in case it might help someone else having the same issue, since I’ve tried everything I could find on the internet generally and on these forums to no avail.

Home Assistant has been working just fine on a ~6 month install until yesterday when my DuckDNS / Let’s Encrypt generated HTTPS certificate expired.

HA android app won’t connect. Web connection shows the following expired cert details:

Tried the following:

  • Restarting host entirely
  • Verifying time of host machine
  • Changing DuckDNS configuration from: “accept_terms: true” to “false,” restart add-on, change back
  • SSH into host, backing up PEM files from ssl* and deleting PEM files then restarting host (this completely broke the ability to load UI even by IP forcing me to re-upload the old PEM files)

What wound up eventually working was the following:

  • Backup duckdns YAML configuration
  • Remove duckdns add-on
  • putty into home assistant server. Backup pem files from /ssl and then delete them
  • Re-install duckdns-add on. Copy previously backed up YAML configuration into editor under configuration tab
  • Make sure there’s no ‘ssl’ path before the certfile or keyfile entry…this will toss an error and not create the pem files correctly.
  • Start duckdns
  • Note that PEM gets generated in duckdns log
  • Restart host
  • Observe that HTTPS is now showing fresh certificate

Not sure if this is a bug with DuckDNS auto-renewal, although that’s certainly what seems to be going on.

Anyway, this worked for me. YMMV

If this happens again try forwarding port 80.

I never had a certificate renewal issue during the years I was using DuckDNS but I’ve seen reports by others that say this is what worked for them.

fair change it is what @tom_l said…

I just couldn’t get in with my Android phone companion ap nor my Fully Kiosk wall panel. Google Chrome on my Windows laptop was going bonkers with the warnings, but let me in to do a restart which solved the other 2 devices.