I am new and trying to setup DUCKDNS. The process worked and ports 443 and 8123 are forwarded. I can access HA from outside the house via HTTP, however if I try HTTPS it does not work. Here is my config:

# Configure a default setup of Home Assistant (frontend, api, etc)

# Uncomment this if you are using SSL/TLS, running in Docker container, etc.
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

# Text to speech
  - platform: google_translate

group: !include groups.yaml
automation: !include automations.yaml
script: !include scripts.yaml

and the DUCKDNS config

  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  "token": "my token",
  "domains": [
  "seconds": 300

I appreciate any help.

try adding https:// to the front of the base url

Thank you for the suggestion. Unfortunately it did not work

OK so on your router, you are forwarding external port 443 and 8123 to internal 8123 to the Pi?

If so, you can try:
https://domain:8123 or https://domain and see if those work

Also, if if 's not working, how do you KNOW your setup worked?

I assume it worked because I can access via http://domain:8123

On the router I have no option for external or internal ports. I only have ports so I forwarded both 443 and 8123 to the device where HA is installed.

Thanks for helping

what does the log for the duckdns addon show? Is the ssl certificates actually existing in the locations shown? You could try commenting those out.

I don’t have them in my config but I am using a reverse proxy with LetsEncrypt…

Move your TCP/IP port number to a separate line in the configuration.yaml file:

# Uncomment this if you are using SSL/TLS, running in Docker container, etc.
  server_port: 8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

I prefer to be able to use both the local instance and the one over external wan pretty much at the same time

1 Like

I think the problem is my modem. It does not allow to define ext and int ports. This does not allow to point 443 to 8123.

So if you can forward 443 to 443 or 8123 to 8123? You could look at using a reverse proxy like Caddy…

Thanks. I will look into that.