DuckDNS https setup with external and internal url

Configuration
Tags: #<Tag:0x00007f32601fbac8>
#1

Hi all,

I am trying to set up a secure external access with the duckdns add-on, using it’s letsencrypt option.

I keep having an “Unable to establish SSL connection.” error when I try to access my https://my-sub-domain.duckdns.org, where as I can access locally https://homeassistant.local:8123 (note that there is an https and the port 8123).

I looked on the forums, but could not get any leads [EDIT: not requiring installing other add-ons like nginx]. (funnily enough the topic Https duckdns.org setup has the exact inverse problem to mine : it could access from the external url and not from the internal url)

Reading Https duckdns.org setup and looking at JuanMTech’s video (even though it uses the deprecated base_url configuration), it should work out of the box… But it does not.

Just to make sure I test all different parts of the setup and make sure the port forwarding on my router were working, I first made it all work in http (80 => local ip and 8123 as TCP). Then I switched to https using let’s encrypt on the add-on and updated the configuration.yaml accordingly, but it does not work.

My router’s port forward does a 443 => local ip and 8123 as TCP. I tested it on an nginx server on my laptop with a self-assigned key, and it works fine (even though it was a 443 to 443 forward).

In Configuration > General, I have:

  • “External url” set to https://my-sub-domain.duckdns.org
  • “Internal url” set to http://homeassistant.local:8123 (not that there is no https but http instead)

Any lead anyone?

Logs on the duckdns add-on look fine.

If one needs any extra information, I will gladly provide it.

Em

#2

Not very hard

Try : -

#3

Yes, I did see that… but I forgot to mention that I did not really want to use the suggested nginx solution as I want to keep the setup as simple as possible… And according to what I read and saw, it should work fine without needing nginx.

#4

No, not possible
Once duckdns is set up the ssl prevents any connection that is not certificated
So it HAS to be https and it HAS to be via the address the certificate was generated for
The only way round this is to use something like nginx to manage additional connections and protocols

#5

Thanks for the info. I get that this is the reason why the internal url will have to be https in any case, and even show a warning for an invalid certificate. There probably should be some kind of warning in the doc or even on the UI for that. Once I get my stuff working, I might suggest some doc changes.

What I am trying to get to work though, is the external https access through duckdns… And this should have worked out of the box, without nginx.

I found a workaround by following this video, which is more recent than the others (19 August '20… since the fair amount of change in this area recently, I am not surprised). It means that HA has to be accessed through https://esciara-hassio.duckdns.org:8123 (yes with https and port 8123), meaning that my network’s port forward has to be on 8123 and not 443, but it does work.

#6

No, it doesn’t

Yep that’s the fist bit you get working.

But this means that you can only ever access HA if you have a working Internet connection (sort of limiting if you have modem/router/phone line/isp problems)

I do hope that’s not your real address

#7

I meant that access will have to be https. Event thought the “internal url” is set to http://homeassistant.local:8123, it can only be accessed through https://homeassistant.local:8123 . At least, that is what it does on my HA.

As mentioned above, I still can access HA through my local network on https://homeassistant.local:8123, even though it complains the certificate is not valid.

Of cooooooouurse not… :sweat_smile: