DuckDNS and SSL problem: SSL_ERROR_RX_RECORD_TOO_LONG

randomusername · March 31, 2018, 12:20pm

I’ve installed DuckDNS in Hass.io. LetsEncrypt was installed but I read it wasn’t necessary, so uninstalled it to avoid complications. DuckDNS config in the web interface is this:

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "tokenhere",
  "domains": [
    "mydomain.duckdns.org"
  ],
  "seconds": 300
}

The configuration in configuration.yaml is:

http:
  api_password: PASSWORDHERE
  base_url: mydomain.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

I have forwarded port 443 to port 8123 on my router.

http://mydomain.duckdns.org works, if I pop :443 on the end.
https://mydomain.duckdns.org does not work and results in the following error in Firefox: An error occurred during a connection to mydomain.duckdns.org. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG. Chrome returns a ERR_SSL_PROTOCOL_ERROR error also.

Any ideas?

Thanks.

randomusername · March 31, 2018, 12:27pm

I should also add that I’ve tried base_url: https://mydomain.duckdns.org:8123.

Confusingly, the documentation here (https://www.home-assistant.io/addons/duckdns/) says to use https: but the default value in the configuration.yaml says to uncomment a line that does not include a https:// prefix.

randomusername · March 31, 2018, 12:50pm

Next thing I’m noticing is that after a reboot, the following code just gets stripped out / removed from configuration.yaml

  base_url: mydomain.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

So this isn’t necessary for hass.io?

n4vm4n · October 3, 2018, 9:46am

Thought id give you my experience when setting up DuckDNS with HA

So i got the same error as yourself and then realised it was the formatting in the http directive that caused the error. Corrected it, restarted HA and errors have now gone

HTH

tunnis · October 21, 2018, 12:10pm

Another problem for me

FredTheFrog · October 21, 2018, 6:13pm

Fighting the same issue here. Would love to see a good description of the cause with a solid resolution.

Cause: Incomplete / improperly-formatted arguments

Solution: Configure four items beneath http: :

http:
    base_url: https://homeassist-mysite.duckdns.org
    server_port: 8123
    ssl_certificate: /ssl/certfile.pem
    ssl_key: /ssl/privkey.pem

FredTheFrog · October 21, 2018, 7:19pm

RESOLVED!

http:
    base_url: https://ha-mysite.duckdns.org
    server_port: 8123
    ssl_certificate: /ssl/certfile.pem
    ssl_key: /ssl/privkey.pem

randyandy65 · January 1, 2019, 8:52pm

What did you mean by formatting?
What does your http: section state?

Thanks…

doublepedaldylan · January 15, 2019, 3:30am

The provided formatting for the http section has an extra space in front of each line. I couldn’t figure this out for weeks, and the formatting comment solved it for me, once I had everything else set up right.

http:
  api_password: !secret http_password
  server_port: 8123
  base_url: https://example.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

This works for me, if I forward 443 externally to 8123 internally, and access via https://example.duckdns.org

DevScientist · January 27, 2019, 5:51am

Thanks for the tip!

I had everything configured exactly as all the guides described:

DuckDNS Config:

 {
      "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
      },
      "token": "my_token",
      "domains": [
    "my_domain.duckdns.org"
      ],
      "seconds": 300
    }

configuration.yaml

http:
  base_url: https://my_domain.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

I had my router set up to forward 8123 external to 8123 internal on my Pi’s internal 192.168.1.XXX IP address and still couldn’t get it to work until I saw your note.

Sure enough, there was still a single space in front of my first http: line in the configuration.yaml, which was causing it not to be recognized. As soon as I deleted that space it all works!

avellanet · February 20, 2019, 2:04am

Thank you, thank you, thank you!! I am brand new to HA but consider myself pretty handy with the computer but this one had me stunned. Spent two solid days trying to figure it out on my own and finally decided to ask my buddy Google and it brought me to this answer. lesson learned…never be afraid to ask.

xerxel · March 16, 2019, 9:50pm

Just to make this super clear to everyone using Hassbian:

Check your configuration file. Look at the line which starts http: which you uncommented.

Ensure there is no space in front of the text “http:”

Make sure you are forwarding port 443 on your router to port 8123 on the ip address of your Hassbian.

Here is my config which is now working:

# Uncomment this if you are using SSL/TLS, running in Docker container, etc.
http:
   api_password: mysupersecureP@ssword
   base_url: https://mydomainname.duckdns.org
   server_port: 8123
   ssl_certificate: /home/homeassistant/dehydrated/certs/mydomainname.duckdns.org/fullchain.pem
   ssl_key: /home/homeassistant/dehydrated/certs/mydomainname.duckdns.org/privkey.pem

neurotone · April 24, 2019, 1:21am

what is the (api_password: mysupersecureP@ssword) for?

Phill_Healey · April 12, 2020, 10:11pm

His super secure api! Duhrrr!

dbrunt · January 8, 2021, 10:52am

For others reading this thread, api_passwd: was deprecated a while ago and needs to be removed due to a breaking change in HA 0.101(?)