Duckdns not working with https only http remote access

Hi everyone,
Rasp Pi 3 B+
HassIO - latest version

I’m trying to configure remote access using duckdns and I finally succeeded, however I can’t get it to work as a secure connection, only http, not https.
Have spent around 5 hours with minimal progress in trying to get this to work, i have mainly followed JuanM’s tutorial: https://www.juanmtech.com/hassio-duckdns-add-on-set-up/. Last resort… ask the question.

Here are my configurations:

'configuration.yaml':
    # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
     http:
       base_url: myaddress.duckdns.org:8123
       ssl_certificate: /ssl/fullchain.pem
       ssl_key: /ssl/privkey.pem

DuckDNS:
    {
      "lets_encrypt": {
        "accept_terms": true,
        "certfile": "fullchain.pem",
        "keyfile": "privkey.pem"
      },
      "token": "bf440686-820e-4a0a-bca0-bc7c39800ac8",
      "domains": [
        "https://myaddress.duckdns.org"
      ],
      "seconds": 300
    }

Port forwarding on my home gateway (router):

I am able to gain remote access when i type http://myaddress.duckdns.org:8123 but with https://myaddress.duckdns.org:8123 I get a browser error (time out or ERR_SSL_PROTOCOL_ERROR).

Have I done something wrong? Does it really matter if it’s not an SSL connection?
Thank you for your help :slight_smile:

What does the log of the duckdns add on say about making the certfile?

Do you have the samba add on installed? If so check that the /ssl folder has the two certificates in it.

Finally, after making the changes to your configuration file, did you restart?

Hi Silvrr,

here’s what the log says:

        #INFO: Using main config file /data/workdir/config
        + Account already registered!
        Thu Dec 13 16:27:16 AEDT 2018: KO
        # INFO: Using main config file /data/workdir/config
        Processing https://45bcrammond.duckdns.org
         + Creating new directory /data/letsencrypt/https://45bcrammond.duckdns.org ...
         + Signing domains...
         + Generating private key...
         + Generating signing request...
        end of string encountered while processing type of subject name element #1
        problems making Certificate Request
        Thu Dec 13 16:32:38 AEDT 2018: KO
        Thu Dec 13 16:37:40 AEDT 2018: KO

I checked that the certificates are there in the SSL folder and they’re definitely there…
I did restart yes, through the configurator I just clicked ‘restart hass’.

I can see in the duckdns log there was a problem making the cert request… but i’m no idea how to fix it or what the actual issue is?

The two certificates are .pem files - is that correct?

I’ve also tried having my external port as 443 in my port forwarding but no success there either…

Hi

i’ve stucked at this point for the last two weekends but now I FINALLY GOT IT.

the problem is the f router configuration.

First i had my 443 port redirected to the 443. with this forward the Duckdns start works fine and the configuration add-on was working well with https BUT the main page wasn`t

then I changed my 443 port redirection to 8123 and then “magia!”

|hassio|8123|8123|192.168.1.107|TCP||||
|https|443|8123|192.168.1.107|TCP||||
|hassio config 3218|3218|3218|192.168.1.107|TCP|

I’m trying to include my configurations but i’m new and they don’t let me

here es my yaml configuration:

# Uncomment this if you are using SSL/TLS, running in Docker container, etc.
http:
     api_password: password1234
     ssl_certificate: /ssl/fullchain.pem
     ssl_key: /ssl/privkey.pem 
     base_url: https://mydomain.duckdns.org:8123

and here my duckdns configuration (change your token and domain)

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "a333333f-663a-4f3a-8eb5-33379d333138",
  "domains": [
    "maydomain.duckdns.org"
  ],
  "seconds": 300
}

here the logs after the duckdns installation

INFO: Using main config file /data/workdir/config

  • Generating account key…
  • Registering account key with ACME server…
  • Done!
    Sun Dec 23 20:56:23 UTC 2018: OK
    myIPhere
    NOCHANGE

INFO: Using main config file /data/workdir/config

  • Creating chain cache directory /data/workdir/chains
    Processing mydomain.duckdns.org

  • Creating new directory /data/letsencrypt/mydomain.duckdns.org …

  • Signing domains…

  • Generating private key…

  • Generating signing request…

  • Requesting new certificate order from CA…

  • Received 1 authorizations URLs from the CA

  • Handling authorization for mydomai…

  • 1 pending challenge(s)

  • Deploying challenge tokens…
    OK + Responding to challenge for mydomai… authorization…

  • Challenge is valid!

  • Cleaning challenge tokens…
    OK + Requesting certificate…

  • Checking certificate…

  • Done!

  • Creating fullchain.pem…

  • Done!
    Sun Dec 23 21:01:59 UTC 2018: OK
    mydomainip
    NOCHANGE

Hi guys,

I’ve just setup duckDNS in hassio and it seems to be working as expected. I’m able to access the webUI with https, but my chrome browser still says the site in unsafe?? is this normal? I can see the certificate is there. Also when I access the webUI from within my local network I’m also getting the ‘site not secure’ message in chrome. Am I missing something?

Nat port 443 (wan) to 8123 (lan) of hass.

I’m having the same issue and can’t, for the life of me, figure it out. I hate to have to forward ports on my router but apparently I need to in order to connect smartthings to my HA. I keep getting an error that my base url needs to be configured as https but it is so I’m guessing it’s not working because I still can’t connect to my HA using https on my local network or remotely.

I managed to get http working yesterday, both local and remote, by adding a host in the nginx proxy manager addon but no matter how I configure it I still can’t access through https. I get a “connection is not secure” error in Chrome desktop and mobile. I do have the duckdns addon working and I’m running all this on my Ubuntu desktop media server.

I have these ports forwarded in my router:
80>80
443>8123
8123>8123

Anyone have any suggestions? Is there something I need to do on Ubuntu to get this to work?

1 Like

do you managed to get it solved? i’m using google wifi and it seems doesnt work at https:// but work well at http://

Please please please help. it has been 2 weeks but no sucess. thanks

Still no solution? I have the same problem.

You need to provide some details. What are you using to setup your domain and SSL cert? What does you config look like? What address are you using to access. Check the logs for the addon (if thats what you are using) and HA to see what they are telling you and post up relevant info.

Same recommendation as above.

It may be better to start your own thread, when multiple people start posting on a similar issue it can be confusing as to what applies to who.

` tHANKS ALL. i managed to get https:// working now by adding to the configuration. yaml.

http:
base_url: “https://myaddress.duckdns.org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
ip_ban_enabled: true
login_attempts_threshold: 3

thank you

3 Likes

hello. I am running homeassistant on docker container on raspberry pi 3. I can access it from outside using http but can’t get it to work using https. I followed official link from homeassistant on how to setup tls/ssl, but I think they are talking about when you have homeassistant installed as standalone. anybody successfully installed tls/ssl over docker container in raspi ? thanks

For anyone looking, there’s a nice youtube step by step for settinging up https access here: https://youtu.be/XdiGdC7K4sI?t=546