Hi again,
How long did it take for the certs to update? I have changed the ports and rebooted and checked the key files and are still dated as November.
Thanks
Ok, managed to get into the UI finally, by overriding the security block on my browser (only works for me on my android phone using google) and done some more digging.
My SSL full chan and privkey files are in my /ssl folder and have been working fine. However it has not auto renewed.
When i look at the duckdns addin i see it is not running. When i run it i get
Starting version 3.2.2
INFO: Using main config file /data/workdir/config
ERROR: Lock file ‘/data/workdir/lock’ present, aborting.
No idea why but the add in then stops. But i am still getting into the setup on my android phone in chrome by overriding the security warnings on HTTPS, and bizarrely using my duckdns address with the :8123 on the end!
The options file show the file path to my full chain and pric keys files as
“/etc/letsencypt/live/mydomain.duckdns.org/“.
My duckdns token is in the options and has not changed
As it has been working fine for months i assume I don’t need to change this as per your instructions on this thread?Or do i?
I set ports 80:80 and 443:443 and the certs have not updated in the last 5 hrs, not sure if i need to leave longer, or create some sort of notification to cause it?
1 Like
I have been trying to connect to mydomain.duckdns.org for awhile now and cannot figure out what I am doing wrong.
I can ping mydomain.duckdns.org
I can ping the ip address in the logs that was removed from the below logs.
I cannot access mydomain.duckdns.org no matter what I try, http, https, the ip below.
Home Assistant 0.67.0 on rasberry pi.
My config is…
{
“lets_encrypt”: {
“accept_terms”: true,
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”
},
“token”: “mytoken”,
“domains”: [
“mydomain.duckdns.org”
],
“seconds”: 300
}
My logs are below…
Log
starting version 3.2.4
INFO: Using main config file /data/workdir/config
- Account already registered!
Sun Apr 15 22:14:05 CDT 2018: OK
ip address removed
NOCHANGE
INFO: Using main config file /data/workdir/config
Processing mydomain.duckdns.org
- Checking domain name(s) of existing cert… unchanged.
- Checking expire date of existing cert…
- Valid till Jul 13 01:59:59 2018 GMT (Longer than 30 days). Skipping renew!
Could it be a port forwarding issue? I have tried forwarding ports 443 to 443, 80 to 80, and several others.
8123:8123 or 8123:443?
use https://yourduckaddresss.duckdns.org:8123 to access from external and forward port 8123 external to 8123 internal of your HassIO IP address in your router
I just checked and I have those ports forwarded also.
What about my config file…
http:
base_url: mydomain.duckdns.org
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
api_password: myapipassword
Im starting to wonder if my issue is with Google WiFi. The port forwarding options dont seem to be anything like other routers. I can list an internal and external port like 8123>8123 and 443>443 but cannot have 8123 forwarding to both 8123 and 443 that I can see. Google app warns about a collision.
1 Like
set your base URL:
https://my-duck-domain.duckdns.org:8123
or try 443
Exactly what @sparkydave posted directly above your latest posts. Are you even reading what people are suggesting to you?
EDIT: Obviously you can’t forward an incoming external port to two internal ports!
443->443 and 8123->8123 OR you could forward 8123->443 but depending on your setup it might not work (it doesn’t for me). You also might not need 443->443 (I don’t)
Thanks for trying to help. None of those suggestions worked. Also just checked on several port checking sites and they all say my ports are closed.
Thanks
the baseurl you posted from your config is wrong. did you fix that? did you then restart home assistant after you changed it?
are you saying you have forwarded:
443->443
and
8123->8123
I changed the base url to what you suggested above and restarted my home assistant. And both of those ports are forwarded just like you posted above.
If your using hassio and installed the duckdns addon, then your config.yaml must not contain the ports in the base url
base_url: https://mydomain.duckdns.org
The only port forwarding you will need is the 443 > 8123, once done visit the page https:\mydomain.duckdns.org without mentioning any port numbers and it should work.
1 Like
Thanks for trying to help. I wasnt able to get it work.and figured out my issue. I have an AT&T ZTE Homebase LTE modem. Although it has port forwarding settings in the device menu and they appear to function. They actually do not. I did a lot of searching and it seems as though AT&T blocks the port forwarding on their end.
Go to your Raspberry Pi, shut it down, pull out the SD card and stick it into an SD card reader on your pc, find the file named wpa_supplicant.conf on the SD card boot drive.
Are you using the pi over WiFi or Ethernet?
If WiFi then you need to set that file up for WiFi, if Ethernet, set it up for Ethernet, don’t set it up for WiFi and Ethernet. Google for how they file should be formatted for either WiFi or Ethernet.
Save, stick it back in your pi, go do what you’ve been doing to set up the duckdns add-on. Might need to uninstall the add-on then reinstall.
If all that fails and you’re using your pi over WiFi, then set up the wpa_supplicant.conf file for Ethernet and plug your pi in.
Doing that should fix it. I struggled with duckdns for 4 or 5 months, it was the wpa_supplicant.conf file, or it was because I was using the pi with WiFi
Thanks for the reply. I did try with WiFi and with Ethernet. I am back to using wifi now. I think I have narrowed down to the fact that my home internet is LTE and AT&T is blocking any external access to my network. Hate to say it but I gave up on it. Spent way too many hours trying to figure it out. I would love to have it working but gotta have a life outside of this.
I had similar issues and none of the above steps solved the problems I had. I found a complete set of steps in another forum which did work at once. This is a full reset of DUCKDNS and LETSEncrypt
Step 1. Uninstall DuckDNS from HassIO.
Step 2. Goto your routers port forwarding settings. Forward port 80 external to 80 internal at your pi’s IP. Do the same with 443 external to 443 internal at your pi’s IP.
Step 3. Re-Install DuckDNS with your key, accept terms and domain and start the add-on. Keep refreshing the logs down the page to ensure that DuckDNS has created the certs. This may take 10-15 mins it did for me.
Step 4. Once DuckDNS has created the certificates add these lines to your configuration.yaml
http: base_url: https://my-domain.duckdns.org ssl_certificate: /ssl/fullchain.pem ssl_key: /ssl/privkey.pem api_password: Secure password
Save.
Step 5. Go into your routers port forwarding settings delete the port forward 80 external to 80 internal and change 443 external to 8123 internal at your pi’s IP.
Step 6. Restart Home Assistant and navigate to https://my-domain.duckdns.org or whatever your domain is. Enter your password set in api_password: and log into Home Assistant.
This video is also a good guide- https://youtu.be/BIvQ8x_iTNE
Hope this helps! If this still didn’t work your ISP may block ports 80 and 443. You can usually check their website to see what ports the block or call them.
6 Likes
I’ll give this a try this weekend. I have DuckDNS add-on work as far as it creates the certificates and doesn’t give me any errors. Maybe I have my configuration yaml settings wrong. I’ve tried several settings that others have posted but not this one.
Thanks
This solved my recurrent issues. Thank you so much. I suspect that the issue for me had been not having the port 80 -> 80 and 443 -> 443 mappings setup and activated for the duckdns install and certificate generation.
I cannot thank you enough - this has been bugging me for months
I’m glad it was helpful … 
I tried so many instructions always with different results, but this seems to be a solid solution.
Oh alright I should have asked about your internet. At least there’s home assistant cloud now though, that would take care of it.