Effortless encryption with Let's Encrypt and DuckDNS

This seems to explain it.

Just installed duckdns and letsencrypt and all was well until I added the http code in config. Rebooted and then crashed and can’t get back in. I can still access the files so I deleted the http code from config but still won’t boot.

Ok so I got back in by using https://… Got a bunch of critical error messages saying unsafe etc. Not sure how to proceed now. Afraid to put the http code back in.
Here are the errors I got when connecting using https:

Your connection is not private
Attackers might be trying to steal your information from 192.168.2.*** (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID

This server could not prove that it is 192.168.2.***; its security certificate is from ******.duckdns.org. This may be caused by a misconfiguration or an attacker intercepting your connection.

Any idea what Cert_common_name is?

You need to use the domain not the ip address to access. What did you enter for the base_url that caused it to ‘crash’?
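Added example, not part of any post in this thread and not code from Home Assistant or the DuckDNS add-on: the name check behind NET::ERR_CERT_COMMON_NAME_INVALID, showing why a certificate issued for a DuckDNS name is rejected when the page is opened by local IP. The hostname `myhome.duckdns.org`, the address `192.168.2.10` and the function names are assumptions made for illustration; the sample certificate is constructed.

```python
import ipaddress
import socket
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
# "myhome.duckdns.org" is a placeholder name, not taken from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "myhome.duckdns.org"),),),
    "subjectAltName": (("DNS", "myhome.duckdns.org"),),
}

def _dns_match(pattern, host):
    """Compare one DNS entry to the host; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert, host):
    """True if the name typed in the address bar appears in the cert's subjectAltName."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return any(kind == "DNS" and _dns_match(value, host) for kind, value in sans)
    # An IP literal only matches "IP Address" entries, never DNS names.
    return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
               for kind, value in sans)

def check_live(host, port=8123, timeout=5):
    """Do a verified TLS handshake; return (ok, reason). Needs network access."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True, "certificate chain and name verified"
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message
    except OSError as exc:
        return False, str(exc)

if __name__ == "__main__":
    for name in ("myhome.duckdns.org", "192.168.2.10"):
        print(name, cert_covers(SAMPLE_CERT, name))
```

`check_live()` performs the same verification a browser does against a running instance, so calling it with the DuckDNS name and then with the local IP reproduces the difference described above without clicking through a warning.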

Hi,

I’ve set up remote access for my Home Assistant and installed the DuckDNS add-on in order to encrypt the data traffic. I followed the exact configuration and setup as in this add-on’s documentation. It works now and I can access my Home Assistant from an https URL remotely. However, I realized that I can no longer access my Home Assistant via a local IP address (192.168.1.xxx:8123) when my laptop is connected to my local home network. I don’t like this idea: if my ISP has a connection disruption, I would have to rely on the cellular network or other means to get to the internet in order to operate my Home Assistant.

Does anyone know how to set up access to Home Assistant both remotely (with encryption) and locally?

PS. I tested the setting without encryption, by simply stopping the DuckDNS add-on and removing the http configuration in the configuration.yaml, and then I was able to access my Home Assistant both remotely and locally, but with no https://. So I believe the issue is with my DuckDNS encryption add-on stopping the local access to Home Assistant.

The issue isn’t DuckDNS. You need a reverse proxy to restore functionality. If your router supports NAT loopback you can use DuckDNS internally and externally too…

Hi, David,

Thank you very much for the reply. It sounds a bit complicated.

My router is Netgear XR7000, which supports NAT loopback. Doesn’t this functionality allow an internal user to access the internal server with a public IP address? However, I want an internal user to access an internal server with a local IP address, instead of a public IP. Strangely, I am not able to do so now, with the Home Assistant.

I was following a guide and its sample code had no base_url entry. Should the base_url be the duckdns address?

Yes it should be.

That’s the issue with setting up ssl and duckdns. You lose access via the local IP address. You could try https://ip-address:8123 and ignore the certificate errors though. I would just use a reverse proxy though and all these issues will disappear.

Got it! Thanks David.

I am wondering if DYNU is somewhere on the roadmap to be added for DNS validation. Thanks!

Hi, totally new here, learning as I go.
I have to make sure: all I have to do is create a domain in DuckDNS, port forward and install the add-on, and the connection will be secure? Is there some way I can verify and confirm it?

If I follow this guide will all my other port forwards (Portainer, Sonarr, OMV…) also be protected by LetsEncrypt or only my HomeAssistant Port Forward?

Might be easier to use this. But either way you’ll need to set up the config for any other ‘ports’ you access.

Thank you! Will look into this! So basically I would not be forwarding my ports in my router anymore but do it in the NGINX interface via Home Assistant?

You’d still need to port forward your router. This just provides a proxy and Let’s Encrypt easily on top of nginx.

Don’t know what YouTube you have looked at, but I found this very easy to follow, even if I now use Cloudflare: Access your internal websites! Nginx Reverse Proxy in Home Assistant. - YouTube

You are very kind for sharing this video! I will have a look at this right away as I am quite overwhelmed with setting this up.

But it does make the system more secure, right? Everyone keeps telling me I shouldn’t be port forwarding but use a reverse proxy instead.