Effortless encryption with Let's Encrypt and DuckDNS

I’ll have a go!

mine are in /ssl/

If you use WinSCP, navigate to root and you will see an ssl folder. That's where my certificates live.


OK so I’ve confirmed that the ssl directory exists and the keys are present:

core-ssh:~# pwd
/root
core-ssh:~# cd /ssl
core-ssh:/ssl# ls
fullchain.pem  privkey.pem

My config is as per the docs:

http:
  api_password: !secret http_password
  base_url: https://my_domain.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Finally, I’ve also noticed that the default options from the docs page apparently aren’t actually valid; they appear to require the seconds to be configured:

I’ve selected RESET TO DEFAULTS and edited to give the following valid config:

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "my_token",
  "domains": [
    "my_domain.duckdns.org"
  ],
  "seconds": 300
}

I am able to reach the HA front-end at https://192.168.0.28:8123/states. With hindsight it is obvious but I was not appending https. However my logs fill with the error:

2018-04-16 06:42:41 ERROR (MainThread) [homeassistant.core] Error doing job: Task was destroyed but it is pending!

Therefore there is an issue here, but the process does work. My PR to clarify the docs is here.

@robmarkcole OK so I tried again after deleting the /config/ssl/ folder I had added and by forwarding port 8123 on my router everything worked. I have since upgraded to hassio 0.67.0 so perhaps there was a bug before. I have confirmed that fullchain.pem and privkey.pem are in /ssl/ as @DavidFW1960 suggested.

I went through my search history and the error I originally got was Got ‘/ssl/fullchain.pem’ not a file for dictionary value @ data[‘http’][‘ssl_key’]


So exactly what I said then :rofl:

Just another way to do that with automatic renewal without port forwarding.
There is a simpler way to configure it without caring about port forwarding or leaving HAS exposed on the WAN just to do automatic renewal.

Just to say thank you.

I couldn’t forward external port 443 to internal port 8123 as my router (Netgear D6200) doesn’t have that capability strangely…

Using https://mydomain.duckdns.org:8123 and forwarding external port 8123 to ip.of.my.pi worked for me to access the HA externally.

I am also able to access the HA frontend by adding https:// and :8123 to my internal ip.

I have base url with https://mydomain.duckdns.org:8123 in my configuration.yaml file without the quotes.

I am using HASSIO with DuckDNS addon.

Just one small issue. I have the below error in my log files popping up every 10 seconds or so.

Error doing job: <uvloop.loop.SSLProtocol object at 0x6fe09c50>: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 496, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:777)

I haven’t found any other issues yet.

Does anyone know if i need to be concerned? Thanks in advance.

Great tutorial. I may have missed something, how to get HASSio to update the Google Domain? It seems mine is pointed to my provider local office for some reason. This is what I have in my Config.yaml file:

google_domains:
  domain: homeassistant.***************.com
  username: !secret google_domain_user
  password: !secret google_domain_pass

Any suggestions?

Hi all,

I had all working properly. During my holidays I guess my certificate expired. I was only able to access my setup without https. I figured out that my duckdns add-on had stopped, but I’m not able to start it again. My logs on the add-on page are empty. Can someone help me out?

greets,

Rudolf

I installed DuckDNS (and not let’s encrypt, because of the warning not to use them both).
I followed the instructions above for the configuration.yaml, but got this error when checking the config: invalid config for [http]: not a file for dictionary value @ data[‘http’] [‘ssl_certificate’] Got ‘/ssl/fullchain.pem’
And the same for the ssl_key.
What did I do wrong?

Not sure about that. I’m not using Home Assistant to update my DDNS IP. I use my router to do this using its built-in DDNS features.

Did you set accept_terms:true in the lets encrypt settings?

Not sure what has happened but since upgrading to 78.X I can’t get SSL to work

configuration.yaml:
http:
  api_password: !secret http_password
  base_url: https://xyz.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

duckdns config:
{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "e001dbdd-333e-4ee9-a7b7-7239de099325",
  "domains": [
    "xyz.duckdns.org"
  ],
  "seconds": 600
}

and this is the error in the log

2018-09-20 19:15:05 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

umm… any ideas anyone?

Hi, Noob question: Does this process only work with *.duckdns.org addresses or can I use it to create certs for any domain I own? If so, is the process any different?

I believe I have followed it right, but I can’t get https to work; http works fine.

This is the only error I can see…

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 242, in data_received
    messages, upgraded, tail = self._request_parser.feed_data(data)
  File "aiohttp\_http_parser.pyx", line 519, in aiohttp._http_parser.HttpParser.feed_data
aiohttp.http_exceptions.BadStatusLine: invalid HTTP method

any ideas? Thanks!
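The two tracebacks in this thread (the uvloop "SSL: HTTP_REQUEST" error a few posts up and the aiohttp "invalid HTTP method" error just above) are both a client and a listener disagreeing about whether the connection is TLS. The script below is an added illustration, not code from Home Assistant or from any poster: it classifies the first bytes a listener would receive and maps the two log signatures back to what arrived on the wire, over a constructed log excerpt.

```python
import re
from collections import Counter

# HTTP request-line prefixes. OpenSSL seeing one of these where a TLS record
# header was expected is what it reports as "SSL: HTTP_REQUEST".
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ")

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a listener receives: 'tls', 'http' or 'unknown'."""
    # A TLS ClientHello starts with record type 0x16 (handshake) and
    # record-layer major version 0x03 (minor 0x00..0x04 for SSL3..TLS1.3).
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"

# The two log signatures quoted in this thread and what they mean on the wire.
ERROR_SIGNATURES = {
    # OpenSSL saw a plaintext HTTP request line on the TLS listener: a client
    # used http:// (or a scanner probed the port) against the https port.
    "plaintext_http_to_tls_port": re.compile(r"reason: HTTP_REQUEST|\[SSL: HTTP_REQUEST\]"),
    # aiohttp's HTTP parser got bytes that are not an HTTP method token:
    # typically a TLS ClientHello sent to a listener that serves plain HTTP.
    "non_http_to_plain_port": re.compile(r"BadStatusLine: invalid HTTP method"),
}

def classify_log_line(line: str):
    """Return the signature name for a known handshake-mismatch error, else None."""
    for name, pattern in ERROR_SIGNATURES.items():
        if pattern.search(line):
            return name
    return None

def summarize_log(lines) -> Counter:
    """Count mismatch errors by kind; the rate (one every ~10 s versus a one-off)
    tells you whether a stray client or something probing the port is behind it."""
    return Counter(k for k in map(classify_log_line, lines) if k)

# Constructed sample log excerpt, modelled on the errors quoted in this thread.
SAMPLE_LOG = [
    "2018-09-20 19:15:05 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST",
    "ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)",
    "aiohttp.http_exceptions.BadStatusLine: invalid HTTP method",
    "2018-09-20 19:15:15 INFO (MainThread) [homeassistant.core] Starting Home Assistant",
]

if __name__ == "__main__":
    print(classify_first_bytes(b"GET / HTTP/1.1\r\nHost: x\r\n"))          # http
    print(classify_first_bytes(bytes([0x16, 0x03, 0x01, 0x00, 0xF4])))     # tls
    print(summarize_log(SAMPLE_LOG))
```

A steady stream of "plaintext_http_to_tls_port" on a port that is forwarded from the internet is usually scanners speaking plain HTTP to the https port; the handshake fails before any request is processed.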

I’m having the exact same issue.

Hi all,
I am new with Home Assistant and still learning from the available documentation.
Trying to access hass.io from the internet I have followed the same steps as described in @Bobby_Nobble’s post from 15th April. The result is that now I can’t access the UI, neither from my home network nor from outside.
Connection via ssh shows that HA is running. Also the files fullchain.pem and privkey.pem are in the /ssl folder.
Any hint or idea? Thanks.

Yep, I’ve been spinning my wheels over the apparently same issue as Chewie. Now it’s a month and a half later than Chewie having the problem, so…
Hey, Chewie, did you get that solved?

Thanks to a blog post by Andreas Gohr I realized that DuckDNS supports setting TXT records, making it compatible with the DNS-01 challenge of Let’s Encrypt. The DNS-01 challenge is using the DNS record of the domain instead of interacting with the server. This means that it’s not needed for the user to open any ports!

But I DO have to forward a port on my router. What is meant by this passage?
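The quoted passage is about the certificate issuance step only: with DNS-01 the CA looks up a TXT record at _acme-challenge.<domain> instead of connecting to your server, so no port needs to be open for the challenge; any port forward you set up is for your own access to the frontend. The script below is an added illustration (not the DuckDNS add-on's code) of how that TXT value is derived per RFC 8555 and what the CA compares it against; the account key is a constructed placeholder, not a real key.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """ACME (RFC 8555) uses base64url without '=' padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members only,
    keys sorted lexicographically, no whitespace in the JSON."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """TXT value the CA expects for a DNS-01 challenge (RFC 8555 section 8.4):
    base64url(SHA-256(keyAuthorization)), keyAuthorization = token '.' thumbprint."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("utf-8")).digest())

def challenge_record_name(domain: str) -> str:
    """Name the CA queries; note it is a DNS lookup, not a connection to the host."""
    return f"_acme-challenge.{domain}"

def challenge_present(observed_txt: list, token: str, account_jwk: dict) -> bool:
    """What the CA checks: does any TXT value at the challenge name match?"""
    return dns01_txt_value(token, account_jwk) in observed_txt

# Constructed placeholder account key: JWK-shaped, NOT a real key.
PLACEHOLDER_JWK = {"kty": "EC", "crv": "P-256",
                   "x": "placeholder-x-coordinate", "y": "placeholder-y-coordinate"}
# Constructed placeholder challenge token (the CA issues the real one).
PLACEHOLDER_TOKEN = "placeholder-token"

if __name__ == "__main__":
    name = challenge_record_name("my_domain.duckdns.org")
    value = dns01_txt_value(PLACEHOLDER_TOKEN, PLACEHOLDER_JWK)
    print(f"{name} TXT {value}")
    # Simulate the CA's lookup returning that record alongside an old one.
    print(challenge_present(["stale-value", value], PLACEHOLDER_TOKEN, PLACEHOLDER_JWK))
```

Seeing the TXT value published under _acme-challenge.<domain> is how the CA proves you control the name, which is why the DuckDNS add-on can renew without an inbound port.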

One documentation page I read guided you to first set up a test port forward (8123 → 8123) and later on advises you to delete that port forwarding and replace it with (443 → 8123).
Currently I can’t find that doc.

What’s the reason for this?

Is it more insecure to open port 8123 to the public than opening 443?

The advantage of forwarding 8123 to 8123 is that it will be the same URL either in the local or in the public network.

When I change it to 443 → 8123 then I have to open XXX.duckdns.org in a public network and XXX.duckdns.org:8123 in my local network. Or is there a workaround for that?

So if it makes no difference (that’s my main question) whether you choose 443 or 8123, then why use different ports?

EDIT:
This is the doc I was talking about.

headlines 5 - CHECK THE INCOMING CONNECTION and 6 - CLEAN UP PORT FORWARDS

In step 2 we created a port forwarding rule called ha_test. This opens port 8123 to the world, and is no longer necessary.