DuckDNS/Let'sEncryt Error

gautier23 · January 27, 2020, 9:42pm

Hi guys,

I’m trying to install DuckDNS addon in hassio, but got error (I also found this error in old topic, but I did’nt found any solution for my case).

Here my configuration :

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "XXXXXTOKENXXXXX",
  "domains": [
    "XXXXX.duckdns.org"
  ],
  "seconds": 300
}

DuckDNS seems good :

# INFO: Using main config file /data/workdir/config
+ Account already registered!
[22:31:29] INFO: OK
PUBLICIP
NOCHANGE
# INFO: Using main config file /data/workdir/config
Processing XXXXX.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Apr 25 11:16:28 2020 GMT Certificate will not expire
(Longer than 30 days). Skipping renew!
[22:36:33] INFO: OK
PUBLICIP
NOCHANGE

configuration.yaml

http:
  base_url: https://XXXXX.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

When I check server configuration :

Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']. Got '/ssl/fullchain.pem'
not a file for dictionary value @ data['http']['ssl_key']. Got '/ssl/privkey.pem'. (See /config/configuration.yaml, line 6).

Port forwarding on my box are OK (8123 to 8123)

My /ssl directory is empty.

Any help ?

bpsmicro · January 27, 2020, 10:37pm

Your ssl directory needs those two pem files in there. Those two config entries are looking for the files you’d have generated/exported as part of your cert generation.

Mutt · January 27, 2020, 10:42pm

My best suggestion is outlined in : -

Markus99 · January 27, 2020, 10:52pm

Personally, my configuration.yaml has:

http:
   base_url: https://XXXXXX.duckdns.org
   ssl_certificate: /ssl/fullchain.pem
   ssl_key: /ssl/privkey.pem

and my DuckDNS add-on configuration matches yours.

I will say, for the first time in a year using it, I had to completely remove the add-on and all associated dirs/files with it - reboot - login via local URL and reinstall it from scratch. Was a complete hassle (as nothing had changed), but back and working now thankfully.

You’ll also want to ensure your port forwarding is done correctly w/in your router - this is covered in docs / numerous YouTube videos.

gautier23 · January 28, 2020, 7:47am

Thanks for your reply !

Who generated this two config files ? (fullchain.pem and privkey.pem ?)

In all YouTube Tutorial or no one generate these files.

gautier23 · January 28, 2020, 7:50am

Hi Markus99,

I followed the DuckDNS configuration on HA page (https://www.home-assistant.io/addons/duckdns/#home-assistant-configuration)

http:
  base_url: https://my-domain.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

DavidFW1960 · January 28, 2020, 7:59am

Is it :8123? Are you forwarding 8123 to 8123? Would normally forward 443 to 8123 and then not specify the port in the base_url

gautier23 · January 28, 2020, 8:55am

I just followed the documentation.
I will try to forward 443 to 8123 and then remove port in the base_url. Will see tonight

Markus99 · January 28, 2020, 12:18pm

That’s what I’m currently doing. Forwarding 443 -> 8123

EDIT: Original had typo SSL is port 443, not 433, corrected above.

gautier23 · January 28, 2020, 12:57pm

Hmm ok I will try it, but why this should not work on port 8123 ?

gautier23 · January 28, 2020, 4:33pm

Same with port redirection 443 to 8123 and with base_url in https://XXXXXX.duckdns.org

Any idea ?

DavidFW1960 · January 28, 2020, 9:51pm

Is this only when you are on your wlan? Does it connect if you are on 4G? It might be your router doesn’t support NAT loopback

gautier23 · January 29, 2020, 9:24am

Found my solution.
Redirection was working, I just regenerate a subdomain in duckdns.
I also change my remote and local port (for somes security reasons :)) and this is working fine.

Thanks for help !