I had to do some work on my home network recently that required me to reset my router to factory defaults. After that I was able to reload the network settings from a backup file I made before doing any work. I have a TP-Link Omada router, controller, switches, access points. Once the network was back online, I found that I could no longer access my HA using the xxxxxx.duckdns.org URL. I can access it with the local IP address.
When I try to use the mobile app, I get an error message stating “the certificate for this server is invalid”.
I tried clearing the browser cache and then restarting my HA. No luck.
Can anyone help me to resolve this? Thanks in advance.
By any chance does the website for HA still work?
And by some other chance are you using Caddy as a reverse proxy?
If you answered yes to both those questions then you may have the same issue that I had about a month ago.
Turns out it was something called OCSP stapling. I still have no idea what that is but somebody smarter than me brought it up with the Caddy developers.
I deleted my stored certificates for my HA domain and restarted Caddy and everything started working again. I guess the Java framework that the Home Assistant companion app uses is very particular about certificates.
I’ll show my ignorance here. What do you mean by the HA website? I can connect to my HA system using the local IP address. I cannot connect using the xxxxxxx.duckdns.org url and I cannot connect using the mobile app
I’m not using Caddy.
Where would I find the stored certificates to delete them? I’m running HA on a Raspberry Pi 4. I don’t have a good understanding of how to access the files on the Pi. I saw something about deleting a previous version of an SSL certificate, but I don’t know how to go about doing it.
My answer would only apply if you were using Caddy, so please disregard it!
A few diagnostic questions though:
Am I correct in assuming that your duckdns.org address worked at one point to access your HA instance? From both inside (i.e., on your WiFi) and outside your home network?
Do you have a setting on your router called something like “NAT loopback” or “hairpin NAT”?
Do you have problems using the duckdns.org address from outside your home network, inside your home network (i.e., on your WiFi), or both?
Are you running the DuckDNS add-on for HA or a separate script that hits their web service to keep your IP up to date?
If you’re only having a problem internally and not externally, then it’s probably a NAT loopback problem. If your router doesn’t explicitly have an option for this, you can kind of get around it by having a local DNS server which has a record for [YOUR_DOMAIN].duckdns.org and redirects it to the local, internal IP address for your Raspberry Pi. This is known as “split DNS” or “split horizon DNS” and it means that when you’re outside your home network, you’ll get the public, external IP, but when you’re on your WiFi, you’ll get the internal IP.
If you’re only having problems accessing from external IPs, then it could be firewall rules or port forwarding.
If you’re having trouble with both internal and external, then, I’d double-check to see that your IP is what DuckDNS thinks it is.
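The triage in the post above (fails only inside, only outside, or both), as an added Python example that is not part of the original thread: `classify` encodes the three cases and also flags a DuckDNS record that points at a LAN address, and `tls_check` reports why a client rejects the served certificate. The function names, the WAN IP (read from the router's status page) and the sample addresses are assumptions.

```python
import ipaddress
import socket
import ssl

# RFC 1918 ranges: addresses that exist only inside a home network.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_lan(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)


def classify(record_ip, wan_ip, works_on_wifi, works_outside):
    """Triage from the post: where does the DuckDNS URL fail?"""
    if works_on_wifi and works_outside:
        return "ok"
    if works_outside:   # fails only on the home network
        return "NAT loopback (hairpin NAT) is missing: enable it or use split DNS"
    if works_on_wifi:   # fails only from outside
        return "check firewall rules and port forwarding on the router"
    # Fails everywhere: is the record what the router's WAN side really has?
    if is_lan(record_ip):
        return "DuckDNS record is a LAN address, it must be the public WAN IP"
    if record_ip != wan_ip:
        return "DuckDNS record is stale: record %s, WAN %s" % (record_ip, wan_ip)
    return "record matches the WAN IP: check port forwarding next"


def tls_check(host, port, timeout=5):
    """Report why a client would reject the certificate served at host:port."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "certificate accepted"
    except ssl.SSLCertVerificationError as exc:
        return "certificate rejected: " + exc.verify_message
    except OSError as exc:
        return "connection failed: %s" % exc


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges), not from the thread.
    print(classify("198.51.100.9", "203.0.113.7", False, False))
    # Live checks need network access; example.duckdns.org is a placeholder:
    # print(socket.gethostbyname("example.duckdns.org"))
    # print(tls_check("example.duckdns.org", 8123))
```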
It did work. I used it for several months with no problems at all. Now it doesn’t work from inside or outside my home network.
There is a place to set NAT and port forwarding rules in my router, but there are no rules currently, nor have there ever been. I have not seen any loopback or hairpin settings.
No duckdns.org access from anywhere now. It worked everywhere prior to my work earlier this week on the network.
I am using the DuckDNS add-on.
I went to the DuckDNS site and tried to update the IP, but it said the IP had not changed. The IP address of my Raspberry Pi running HA is a static IP and has not changed. I can pull it up locally using the same IP I’ve always had.
I’m at the point where I may have to uninstall the DuckDNS add-on, reinstall it, and set up a new URL. I don’t know what might have changed when I reset my router. I made a backup just before I did any work on the router and reloaded the router with that information after it was reset so I don’t think the problem is in the router. But I could be wrong. I wish my networking knowledge was greater, but I’ve had to learn it all on the fly over the last few years.
If there are no firewall or port forwarding rules, then almost certainly everything incoming is blocked. If you want to be able to use your DuckDNS domain from external to your network, you’ll have to open a port and forward it to your Raspberry Pi on port 8123 or whatever port your reverse proxy is using.
For it to work internally using the DuckDNS URL, you’ll have to look for a hairpin NAT setting. Or maybe it’s just on by default on that router… every router is different. Keep the split DNS option in mind as well as that could be a solution if you can’t use hairpin NAT.
Alternatively, if you subscribe to Nabu Casa’s service then you can use their URL for accessing your Home Assistant instance and not have to open any ports on your router, and completely circumvent DuckDNS. That should work internally and externally.
Perhaps your port forwarding rules are not correctly restored or missing from your backup altogether (or improperly configured), causing your HA to be unavailable to the outside world and thus your DuckDNS domain?
Had the same issue once as well, drove me nuts for a couple of hours…
I had the same issue and could not figure out what was wrong. I just uninstalled the DuckDNS add-on and re-installed and re-configured it. After I started the add-on again I got the success message in the log and my IP address was updated at DuckDNS.