DuckDNS/Let'sEncryt Error

Hi guys,

I’m trying to install DuckDNS addon in hassio, but got error (I also found this error in old topic, but I did’nt found any solution for my case).

Here my configuration :

  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  "domains": [
  "seconds": 300

DuckDNS seems good :

# INFO: Using main config file /data/workdir/config
+ Account already registered!
[22:31:29] INFO: OK
# INFO: Using main config file /data/workdir/config
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Apr 25 11:16:28 2020 GMT Certificate will not expire
(Longer than 30 days). Skipping renew!
[22:36:33] INFO: OK


  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

When I check server configuration :

Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']. Got '/ssl/fullchain.pem'
not a file for dictionary value @ data['http']['ssl_key']. Got '/ssl/privkey.pem'. (See /config/configuration.yaml, line 6). 

Port forwarding on my box are OK (8123 to 8123)

My /ssl directory is empty.

Any help ?

Your ssl directory needs those two pem files in there. Those two config entries are looking for the files you’d have generated/exported as part of your cert generation.

My best suggestion is outlined in : -

Personally, my configuration.yaml has:

   ssl_certificate: /ssl/fullchain.pem
   ssl_key: /ssl/privkey.pem

and my DuckDNS add-on configuration matches yours.

I will say, for the first time in a year using it, I had to completely remove the add-on and all associated dirs/files with it - reboot - login via local URL and reinstall it from scratch. Was a complete hassle (as nothing had changed), but back and working now thankfully.

You’ll also want to ensure your port forwarding is done correctly w/in your router - this is covered in docs / numerous YouTube videos.

Thanks for your reply !

Who generated this two config files ? (fullchain.pem and privkey.pem ?)

In all YouTube Tutorial or no one generate these files.

Hi Markus99,

I followed the DuckDNS configuration on HA page (

  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Is it :8123? Are you forwarding 8123 to 8123? Would normally forward 443 to 8123 and then not specify the port in the base_url

I just followed the documentation.
I will try to forward 443 to 8123 and then remove port in the base_url. Will see tonight :slight_smile:

That’s what I’m currently doing. Forwarding 443 -> 8123

EDIT: Original had typo SSL is port 443, not 433, corrected above.

Hmm ok I will try it, but why this should not work on port 8123 ?

Same with port redirection 443 to 8123 and with base_url in

Any idea ?

Is this only when you are on your wlan? Does it connect if you are on 4G? It might be your router doesn’t support NAT loopback

Found my solution.
Redirection was working, I just regenerate a subdomain in duckdns.
I also change my remote and local port (for somes security reasons :)) and this is working fine.

Thanks for help !