DuckDns domain not working inside network

Hello,
I´m Using Hassio 0.96 and few days ago I had to change my modem, I configurated everything again, but I can acess my UI mydomain.duckdns.org:8123 from outside my network but can´t from inside. I´ve already open the ports 8123, tried to open 443/443, but nothing seems to work. This is my logs:

Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 774, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1076)

I saw other topics but none of them worked, and it seems that verybody else has the problem to access outside network not from inside. Also tried to restart the duckdns addon, but no lucky.

Anyone could help me?

You need Nat loopback set on your router/modem on

sorry the stupid question but how can I do it?

Look up your router instructions, they are all different.

Australia, NBN, through Telstra, and my modem does not support NAT loopback. I was in a catch 22, in that a needed a modem to supported NAT loopback, but I needed to keep the ISP supplied modem to retain my home phone number (long story, but suffice to say that NBN is a bit of a joke in terms of giving you any kind of freedom).

I ended up installing a DNS server on my NAS so that when I am internal to my LAN, a DNS query to xxx.duckdns.org resolves to the internal IP of HassIO. It works but is a bit of a kludge.

Yes, resolving your xxxx.duckdns.org address locally (to point to ha) is another option.

How can I do that? My ISP modem is a joke as well they changed tô a modem that don’t support almost nothing, such as ip reservation and others simples things

Buy raspberry pi.

Install pihole or dnsmasq.

Profit.

Or use the Hassio Caddy or Nginx reverse proxy addons.

Thanks for the tips, any problem using nginx together with duckdns?

I’ve read Caddy is simpler to set up. @DavidFW1960 did a blog post on how to:

https://dew-itwebservices.com.au/setting-home-assistant-up-for-secure-access-over-the-internet/

Regarding DNS, there are PiHole and AdGuard HassIO Addons available, so no need for additional hardware though.

tried to install nginx and gave me this error:

"[INFO] Running nginx...
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx.conf:45"

anyone know whats I´m doing wrong?

rgds

I’m doing a new post today as well now I have it working with a DNS challenge and port 80 closed…

2 Likes

@DavidFW1960 on your blog explanation, You Said It hás to disable SSL parte from Dickens Adson, should I uncomment on .yaml or should I erase on addon’s config?

I have no idea what you are asking as your question doesn’t make sense… (auto-correct?)

on this blog it´s said that it´s needed to disable SSL part from duckdns addon, how can I do that?

According to the docs for the DuckDNS addon, for the lets_encrypt section if you set

“accept_terms”: false

It won’t generate ssl certificates. It actually probably doesn’t matter if you do anyway as Caddy will generate it’s own anyway.