nick9one1
(Nick)
December 14, 2019, 12:59am
1
I’ve tried configuring duckdns with SSL as per the guide addons/duckdns/README.md at master · home-assistant/addons · GitHub
I have port forwarded 443 to 8312
I can access http://xxxx.duckdns.org:443/ but not https://xxxx.duckdns.org (ERR_SSL_PROTOCOL_ERROR)
Is this correct?
Log
INFO: Using main config file /data/workdir/config
Generating account key…
Registering account key with ACME server…
Fetching account ID…
Done!
[00:26:47] INFO: OK
“public ip”
NOCHANGE
INFO: Using main config file /data/workdir/config
Creating chain cache directory /data/workdir/chains
Processing xxxx.duckdns.org
Creating new directory /data/letsencrypt/xxxx.duckdns.org …
Signing domains…
Generating private key…
Generating signing request…
Requesting new certificate order from CA…
Received 1 authorizations URLs from the CA
Handling authorization for xxxx.duckdns.org
1 pending challenge(s)
Deploying challenge tokens…
OK + Responding to challenge for xxxx.duckdns.org authorization…
Challenge is valid!
Cleaning challenge tokens…
OK + Requesting certificate…
1 Like
Mutt
(Muttley)
December 14, 2019, 2:09am
2
Sorry, what has ssh got to do with this ?
That looks ok to me.
Do you have a base_url configured under http: ?
(it should be https://domain )
Tinkerer
(aka DubhAd on GitHub)
December 14, 2019, 10:03am
4
You missed a bit - see further down that page
1 Like
Thanks! You’re right I had missed that.
my duckdns config now looks like this;
now I get an error in the log;
INFO: Using main config file /data/workdir/config
Account already registered!
[13:39:22] INFO: KO
INFO: Using main config file /data/workdir/config
Processing xxxxx.duckdns.org with alternative names: *.xxxxx.duckdns.org
Signing domains…
Generating private key…
Generating signing request…
Requesting new certificate order from CA…
Received 2 authorizations URLs from the CA
Handling authorization for xxxxx.duckdns.org
Handling authorization for xxxxx.duckdns.org
2 pending challenge(s)
Deploying challenge tokens…
OKOK + Responding to challenge for xxxxx.duckdns.org authorization…
Cleaning challenge tokens…
OKOK + Challenge validation has failed
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"_zXPaSSzGuW1t6D8dfO642ryPOB_Kb0KpAPNZu70lXA\" found at _acme-challenge.xxxxx.duckdns.org",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1726424646/YHjgIA",
  "token": "vxJWpm8TPoEf2VpPUuMGJeGNOdZ4fceS7vqI89U-4RQ"
})
I’ve also noticed the \hassio\ssl folder is empty. Shouldn’t this have the fullchain.pem and privkey.pem files in it?
Ok. Got past that issue.
I think there was an error in configuration.yaml. I had a different problem of not being able to update HA to the latest version. Clearing configuration.yaml allowed the update to run.
So I started again, reinstalled duckdns and re-entered the config.
The log in duckdns now looks correct…
Challenge is valid!
Cleaning challenge tokens…
OK + Requesting certificate…
Checking certificate…
Done!
Creating fullchain.pem…
Done!
But I still can’t access from https://xxxx.duckdns.org .
I’m forwarding the local 8213 port to 443
Your base URL is telling ha that it’s on port 8123, yet you’re trying to use port 443. Remove the :8123 from your HA config
Seems to be working now… just required a full restart.
I still have the 8123 port in http;
http:
  base_url: https://xxxx.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
I can only connect on - https://xxxx.duckdns.org , http or 8123 on the public url doesn’t work. (which is correct I think). I can also connect locally on 192.168.1.4:8123 but I get a warning that the site isn’t secure. https://192.168.1.4 doesn’t work.
Because you told HA to only listen on SSL.
You don’t have port 8123 open externally so that’s fine. What I’m saying is that your base_url is wrong. I don’t know how else to say it, but remove the 8123 off of it. You’re not using it.
Correct. This is working as it should then.
nick9one1
(Nick)
December 14, 2019, 7:54pm
10
Thanks, removed
http:
  base_url: https://xxxx.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
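Added example, not part of any post in this thread: the symptom from the first post (plain http answering on port 443 while https fails with ERR_SSL_PROTOCOL_ERROR) is what a browser sees when the listener behind the forwarded port is not speaking TLS. The sketch below sends a real ClientHello and classifies the first bytes that come back; the function names and the sample replies are constructed for illustration.

```python
import socket
import ssl

def client_hello(server_name: str) -> bytes:
    """Let the ssl module build a real ClientHello in memory (no network I/O)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is queued and no reply has arrived yet
    return outgoing.read()

def classify_reply(data: bytes) -> str:
    """Classify the first bytes a server sends in answer to a ClientHello."""
    if not data:
        return "closed"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"  # listener has no certificate configured
    # TLS record header: content type, version 0x03 0x00..0x04, 2-byte length
    if len(data) >= 5 and data[1] == 0x03 and data[2] <= 0x04:
        if data[0] == 0x16:
            return "tls-handshake"  # ServerHello: the port really speaks TLS
        if data[0] == 0x15:
            return "tls-alert"      # TLS is present but refused the handshake
    return "unknown"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send a ClientHello to host:port and report what answers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        try:
            return classify_reply(sock.recv(16))
        except (socket.timeout, ConnectionResetError):
            return "closed"

# Constructed sample replies (not captured from the poster's system).
SAMPLES = {
    "plain_http": b"HTTP/1.1 400 Bad Request\r\n\r\n",
    "server_hello": bytes.fromhex("160303007a020000"),
    "alert": bytes.fromhex("15030300020228"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {classify_reply(raw)}")
```

Calling probe() with your own hostname and the externally forwarded port shows which case applies to a live listener; "plaintext-http" means the certificate settings under http: have not taken effect.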
jofotoo
(Jofotoo)
April 10, 2020, 5:31pm
11
How did you fix this? I’m stuck in the same place. I seem to recall using certbot last time but i’m not sure.
Thanks