DuckDNS Setup

Can anyone give me a step-by-step on the setup of DuckDNS? I’m doing something wrong, and I’ve tried to follow the instructions on the component page. Here’s what I’ve done:

port forwarded 8123 to 8123 on my router
set up a DuckDNS url and token
Added the following to my configuration.yaml

http:
    base_url: https://my-url.duckdns.org:8123
    ssl_certificate: /ssl/fullchain.pem
    ssl_key: /ssl/privkey.pem
    api_password: !secret api_password

Added the following to my DuckDNS Options

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "my-key-inserted-here",
  "domains": [
    "my-url.duckdns.org"
  ],
  "seconds": 300
}

Finally, I’ve started the DuckDNS Add-in. I’m unable to access hassio at https://my-url.duckdns.org:8123 (I used my cell phone and it didn’t work). I’ve also tried replacing my url with external-ip:8123. What am I doing wrong?

I’ve never been able to get this to work. From what I’ve seen letsencrypt has disabled the ability to get a new certificate because of some security issues. Nobody has been able to give me a straight answer on how to get encryption working. Maybe just wait until letsencrypt re-enables new certificate.
Until then I keep searching for new ways to get this to work.
Right now I’m using this method here

Of course I ran into an error at the letsencrypt part so I’m stuck again.

I get an error when I try to install certbot-auto, says the connection was reset by the peer, whatever that means. Sounds like something is disabled on the letsencrypt side, go figure.

Every time I run into a roadblock it’s from the letsencrypt side, so maybe it’s because of them disabling new certificates.

Oh, I see you are using https. Because the encryption is not working, the https will not work. Try using http instead. That should connect, but of course it will not be secure.

If you’re using SSL (unless something is drastically different in hass.io) you should be forwarding port 443 to 8123, and using your duckdns url without a port number on the end.

I’ve done just that no less than 10 minutes ago and I get this error. Even when letsencrypt site says all systems are operational.

starting version 3.2.2
# INFO: Using main config file /data/workdir/config
+ Generating account key...
+ Registering account key with ACME server...
ERROR: Problem connecting to server (post for https://acme-v01.api.letsencrypt.org/acme/new-reg; curl returned with 52)
Error registering account key. See message above for more information.

I used this guide (link)

Don’t use the Let’s Encrypt add-on, just the Duck DNS one.

If you’ve port forwarded correctly, you shouldn’t use the :8123 in the url, only https://my-url.duckdns.org

Cheers,
Marius

I am not using the letsencrypt addon, only DDNS as it has support built in for letsencrypt.

So again I see another tutorial that does not work, for me at least. I have done exactly what the link that @hopeless1 posted countless times with the same error every time over the last two weeks.

So I cannot figure out why it seems to work for everyone else. I’ve even gone so far as to do a fresh install of HA on my Pi and still get the same error. I keep hoping that eventually someone will come along and give me some sort of info that will provide success.

Nobody has given any insight into the error I posted above, as I have posted this error in multiple threads. Specifically the part that says:

Problem connecting to server (post for https://acme-v01.api.letsencrypt.org/acme/new-reg; curl returned with 52)

I’ve researched this on multiple forums, this one, letsencrypt and other various coding forums, and nobody has ever given a reason for this error.

Even with the method I used in my first post, which is a more manual method, I get errors that prevent me from successfully completing the setup. Again, nobody has given any relevant info on what the errors mean.

Forgive me if I seem irritated as this is getting really frustrating and it seems to be working for most everyone else as I continue to struggle.

Thanks

Thank you guys for all the quick replies. @hopeless1, I’m going to have to try that process from scratch when I get home. It looks like the only thing I did differently was put a port number in my address bar (like @Mariusthvdb said not to do). I’ll do the whole process from scratch anyways and see if that gets anywhere.

@yesimwilliam Wow it sounds like you’ve been having this issue for a while. When I was bumbling around trying to find answers, I saw mention that it might not work if your ISP has you on a changing IP address. I thought that DuckDNS and Let’s Encrypt were supposed to work regardless, but maybe that’s your problem? I’m terrible at everything related to networks, so I don’t really know what I’m talking about.

I’ll update you guys tonight on if I get it to work with your suggestions. Maybe someone should look into updating the official documentation on DuckDNS? It’s outdated and not very helpful at all.

This is so true, well said

ok, here’s an update. I followed the guide linked by @hopeless1 and I still can’t connect. Here’s some specifics.

  1. Samba still works. I can still connect to my Pi and edit config files.
  2. Firefox and Chrome both won’t connect to the frontend. Firefox says “The connection was reset” and Chrome says “------.duckdns.org refused to connect”
  3. I can ping and get a response from the ip of my Pi through the command prompt (Windows 10)

Anyone have any further ideas on why the frontend isn’t working? Thanks

So did you actually get the letsencrypt part to work? You have the pem files in the /ssl folder?

What ssl folder and pem files? I was under the impression that Let’s Encrypt was integrated into the DuckDNS addon now, and all I had to do was change the value to “true”

I’m pretty sure when you run the DDNS add-on with its integrated letsencrypt support that these files are placed there when you start it and it fetches the certificate from letsencrypt. Did you check the logs in the DDNS add-on page for clues of what’s going on?

This is what my log says. It generates an account key, then tries to register it with the ACME server but fails to connect to the letsencrypt server for some reason.
I’ve tried this so many times and it fails every time and I don’t know why.

mine doesn’t generate those files

I actually think I found part of the problem. My frontend works when I enable DDNS (without changing the config file http section). When I go to change the http section, I tried to validate the config and it failed. It fails when I add the following lines:

ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

Any idea why that is? Do I need to force these files to generate somehow?

This is because there is no fullchain.pem and privkey.pem in your ssl folder, presumably because the DDNS didn’t work correctly, as in my case. If you can’t get it to generate a key and connect to letsencrypt then you won’t have those files, and the conf will be looking for them and not find them, and that will cause the config to fail.

I don’t know if you can force them to generate as that would seem to be a security issue for letsencrypt

Seems like you are in the same boat as me. I wish someone with more knowledge than me would chime in here and help us out.

Did you look at the log section of the DDNS addon? What does it say?

I’ve seen some say that it puts the files in other locations like /etc/ssl/. Maybe poke around and see if they are located somewhere else. If you find them then just update the config to the correct path.

Here is a question.
If I check this,
curl https://acme-v01.api.letsencrypt.org/
I get a status code of 200 and a status description of OK

but if I curl this
https://acme-v01.api.letsencrypt.org/acme/new-reg

I get this,

curl : { "type": "urn:acme:error:malformed", "detail": "Method not allowed", "status": 405 }
At line:1 char:1
+ curl  https://acme-v01.api.letsencrypt.org/acme/new-reg
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
   eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

Probably nothing but just checking…

@yesimwilliam I got a little closer. I think I got my license files to generate, as I no longer get an invalid configuration when I have the ssl_certificate: /ssl/fullchain.pem and ssl_key: /ssl/privkey.pem lines in my configuration file. I think what finally did it was having port 80 to 80 and port 443 to 443 open on my router during the initial startup of DDNS w/ Let’s Encrypt. I was getting that same acme error that you were getting before that. Give that a shot and see if it works for you.

@yesimwilliam So now I’m to the point where I can access hassio locally using https://ipaddress:8123, but I still can’t access it remotely (i.e. https://********.duckdns.org:8123). Let me know if you get to the same point as me and figure it out.
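An added example, not part of any post in this thread: a Python preflight for the two failure causes discussed above, PEM files missing from the path named in `ssl_certificate`/`ssl_key`, and a `base_url` port that the router does not forward to Home Assistant. The function names and the `forwards` mapping are assumptions made for illustration; the check inspects PEM framing only and does not validate the certificate chain or expiry.

```python
import base64
import re
from pathlib import Path
from urllib.parse import urlsplit

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

def pem_labels(path):
    """Labels of well-formed PEM blocks in the file, or None if unreadable."""
    try:
        text = Path(path).read_text(errors="replace")
    except OSError:
        return None
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            base64.b64decode("".join(body.split()), validate=True)
            labels.append(label)
        except ValueError:  # corrupt base64 body, skip this block
            pass
    return labels

def preflight(base_url, cert_path, key_path, forwards, ha_port=8123):
    """Return a list of problems; forwards maps router external port -> internal port."""
    problems = []
    for path, wanted in ((cert_path, "CERTIFICATE"), (key_path, "PRIVATE KEY")):
        labels = pem_labels(path)
        if labels is None:
            problems.append(f"{path}: not readable, config validation will fail")
        elif not any(label.endswith(wanted) for label in labels):
            problems.append(f"{path}: no valid {wanted} block")
    # A URL without an explicit port implies 443 for https and 80 for http.
    url = urlsplit(base_url)
    ext_port = url.port or (443 if url.scheme == "https" else 80)
    if forwards.get(ext_port) != ha_port:
        problems.append(f"port {ext_port} in base_url is not forwarded to {ha_port}")
    return problems

if __name__ == "__main__":
    # Values from the thread: URL without a port, router forwarding 443 -> 8123.
    for line in preflight("https://my-url.duckdns.org", "/ssl/fullchain.pem",
                          "/ssl/privkey.pem", {443: 8123}) or ["no problems found"]:
        print(line)
```

Run it before adding the `ssl_certificate` and `ssl_key` lines to `configuration.yaml`; an empty result means the files are in place and the URL matches the forward.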