DUCKDNS and SSL

crboffo · September 15, 2019, 2:30am

Hi,
I am new and trying to setup DUCKDNS. The process worked and ports 443 and 8123 are forwarded. I can access HA from outside the house via HTTP, however if I try HTTPS it does not work. Here is my config:

# Configure a default setup of Home Assistant (frontend, api, etc)
default_config:

# Uncomment this if you are using SSL/TLS, running in Docker container, etc.
http:
base_url: myaddress.duckdns.org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

# Text to speech
tts:
  - platform: google_translate

group: !include groups.yaml
automation: !include automations.yaml
script: !include scripts.yaml

and the DUCKDNS config

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "my token",
  "domains": [
    "myaddress.duckdns.org"
  ],
  "seconds": 300
}

I appreciate any help.
Cristian

DavidFW1960 · September 15, 2019, 2:32am

try adding https:// to the front of the base url

crboffo · September 15, 2019, 2:37am

Thank you for the suggestion. Unfortunately it did not work

DavidFW1960 · September 15, 2019, 2:40am

OK so on your router, you are forwarding external port 443 and 8123 to internal 8123 to the Pi?

If so, you can try:
https://domain:8123 or https://domain and see if those work

Also, if if 's not working, how do you KNOW your setup worked?

crboffo · September 15, 2019, 2:44am

I assume it worked because I can access via http://domain:8123

On the router I have no option for external or internal ports. I only have ports so I forwarded both 443 and 8123 to the device where HA is installed.

Thanks for helping

DavidFW1960 · September 15, 2019, 2:47am

what does the log for the duckdns addon show? Is the ssl certificates actually existing in the locations shown? You could try commenting those out.

I don’t have them in my config but I am using a reverse proxy with LetsEncrypt…

FredTheFrog · September 15, 2019, 10:20am

Move your TCP/IP port number to a separate line in the configuration.yaml file:

# Uncomment this if you are using SSL/TLS, running in Docker container, etc.
http:
  base_url: https://my-ha-site.duckdns.org
  server_port: 8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Mutt · September 15, 2019, 10:41am

I prefer to be able to use both the local instance and the one over external wan pretty much at the same time

crboffo · September 17, 2019, 1:10am

I think the problem is my modem. It does not allow to define ext and int ports. This does not allow to point 443 to 8123.

DavidFW1960 · September 17, 2019, 1:12am

So if you can forward 443 to 443 or 8123 to 8123? You could look at using a reverse proxy like Caddy…

crboffo · September 17, 2019, 1:15am

Thanks. I will look into that.