DuckDNS Setup

I did that also with no luck. When you set the port forward’s did you restart the router before you attempted to connect with letsencrypt?

yeah. So I stopped (and unistalled) DDNS. Did the port forwards on my router and rebooted it. Then installed and configured the settings in DDNS. Start DDNS. Restart hassio, then edit the http: portion of the configuration file. Use the validate configuration tool and see if it works. If so, restart hassio.

once I get remote access working properly, I’m going to take a snapshot and save all my configs, then I’m going to try it from scratch and see if I can get a proper step-by-step for new folks. I want to get my remote access working first though.

I think i know what the problem is.
On a fresh install, I setup DuckDNS only. I configured per instructions
{
“lets_encrypt”: {
“accept_terms”: true,
“certfile”: “/ssl/fullchain.pem”,
“keyfile”: “/ssl/privkey.pem”
},
When DuckDNS tried to save the cert to that direcrtory, error was
“/ssl//ssl/fullchain.pem” doesn’t exist.
So i believe the instructions are wrong, in that you shouldn’t use /ssl in the DuckDNS config, but use /ssl/ in the configuration.yaml.

Correct Config should be

{
“lets_encrypt”: {
“accept_terms”: true,
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”
},
“token”: “yourtokens”,
“domains”: [
yourdomain.duckdns.org
],
“seconds”: 300
}

Once it fails, you have to uninstall and reinstall the add-on so that it generates and saves the certs properly.

can we have a proper procedures documented ?

Also, a couple of notes:

  1. You should have the domain already setup at duckdns.org
  2. Make sure your system has DNS working. (try ping www.yahoo.com)
  3. Make sure you put in the proper config
  4. Make sure to copy your duckdns token properly, and include the " in the options section.

Thanks for the tips!!!

I have been trying to get this sorted out for the whole DAY! Followed your instructions and got my certs!

Thanks!

@cthomeauto My DuckDNS settings were correct for the certfile. I actually think it has that set up and working correctly. My issue is now that I can’t access my hassio from outside the network. If I type in https://*******.duckdns.org, I get nothing (I also tried on my phone, off network). However, if I ping that url from the command prompt, I do get a reply from my external ip address, so it appears that DDNS is routing to my ip correctly. Do you have any idea why I’m still unable to get external access working?

I have been trying this for a 100 times now but I still get the error below:

starting version 3.2.2

INFO: Using main config file /data/workdir/config

ERROR: Problem connecting to server (get for https://acme-v01.api.letsencrypt.org/directory; curl returned with 6)

If I type in the above url in my browser I get the following:
{
“G_7AR5IcRqE”: “https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417”,
“key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”,
“meta”: {
“terms-of-service”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
},
“new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”,
“new-cert”: “https://acme-v01.api.letsencrypt.org/acme/new-cert”,
“new-reg”: “https://acme-v01.api.letsencrypt.org/acme/new-reg”,
“revoke-cert”: “https://acme-v01.api.letsencrypt.org/acme/revoke-cert
}

However, using the same url from within my hassio / duckdns config does give me the error above.

I had the same problems as above but fixed now.

Everything was working with DuckDNS addon and then a couple of weeks ago it stopped working I did heaps of research and Lets Encrypt / DuckDNS were having some issues to due vulnerabilities etc got in touch with duckdns.org as I could not ping mydomain.duckdns.org but then I followed the post below and all works now but than again I did not try to ping mydomain.duckdns.org this morning so could be a co-incidence and duckdns.org had a problem but then sorted and that is the reason for it working. I also generated a new duckdns.org token manually from the website that might have been it also?

Anyway it works for me so hope it helps you guys:

I am also getting this error now “ERROR: Problem connecting to server (get for https://acme-v01.api.letsencrypt.org/directory; curl returned with 6)”

What is weird is:

  • This has always worked before. Now it doesnt.
  • I can actually still use my site via mysitename.duckdns.org:8123
  • The addon doesnt start

A) How do I fix this
B) Why can I still reach my HA, when the addon wont start?

I was able to resolve this issue today thanks to the post above from @inspired.

I have hassio running in a virtual box on a Synology NAS. I am using a minimalist Ubuntu version so I had to first install resolveconf with: sudo apt-get install resolvconf. Afterwards I followed the steps described in the linked post and everything started working directly.

1 Like

Glad it helped I was going around in circles.

Hi
If your configuration.yaml has mysitename.duckdns.org as base then you can access direct.

Try following post above and with resolve.conf and maybe regenerate token from duck dns and add to duckdns addon?

Hope this helps

Update
Okay works now,
added

  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

to my config file under http. that did the trick.

So I managed to get the DDNS installed correctly
Log says this:

starting version 3.2.2
# INFO: Using main config file /data/workdir/config
+ Account already registered!
Wed Jan 31 08:31:07 MST 2018: OK
xxx.xxx.xxx.xxx
NOCHANGE
# INFO: Using main config file /data/workdir/config
Processing xxxxxx.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till May  1 13:43:49 2018 GMT (Longer than 30 days). Skipping renew!

The problem is I cannot access HA with https
Says “Site cannot provide a secure connection”, http works still though.
I know I’ve seen others with this issue bit cannot remember the solution.

I have tried setting my base url to my DDNS with and without the :8123. did not work
Also fiddled with the DDNS setting, like adding :8123 to the config but that didn’t work

Any thoughts…
thanks

I just wanted to follow up and say that I finally found a solution to my problems. Turns out, it wasn’t related to Home Assistant at all. I had forgotten that my landlord shares her internet with me. My router is hooked up to hers, and I forgot to forward the ports on her router. I did that last night, and all of a sudden I can access it from outside the network! Now I’m just having a router loopback issue, but I think I can either solve that or just deal with it.

@yesimwilliam What are you router port settings? I think you should be able to close the 80>80 and 443>443 rules, and just leave 8123>8123 open. When you close 80>80, I don’t think http will work anymore.

@Ccheese4 Ironically I only had port 8123 open when I set DDNS up this morning.

I think i am having a similar problem to you all. Had trouble free operation until this week and now I cannot access My UI from my duckdns address or my internal IP address. Interesting my android app that using winsocks? Is connecting fine, and dashboard (not secure) is working ok.
Now because i cannot access my UI i cannot turn off the plugins to revert back to unsecured so i am not sure where to go next. Tried just removing the ssl config lines from the config file and then nothing works except my secure connection to configurator. And of course i am worried how i get back into configurator if the changes do work and the http address for it no longer works. But then i might be able to correct that from the hass.io menu once i get back into the UI!

Any help would be much appreciated to make sure i do not kill my install completely

To get mine working, I had to temporarily forward port 80 to 80 and 443 to 443 on my hassio box in the router. It didn’t seem to work with port 80 and 443 both going to 8123. After the certificate was renewed, I changed port 80 and 443 back to 8123 for normal day-to-day usage.

While this made it work, it certainly makes it more difficult to “set and forget” with automatic renewals.

1 Like

Thanks, ill give it a try