Effortless encryption with Let's Encrypt and DuckDNS


#63

@Vennerberg thanks for the remark. Tried that but without success.

Config file error:
Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']. Got 'fullchain.pem'
not a file for dictionary value @ data['http']['ssl_key']. Got 'privkey.pem'. (See /config/configuration.yaml, line 44). Please check the docs at https://home-assistant.io/components/http/ 

any other ideas?


#64

Wait hold on… in configuration.yaml it’s supposed to be as you stated. With https:// and /ssl/. In the hassio config for duckdns it’s supposed to be as I said. No https, no ports and no /ssl/

And remove #


#65

@vvanderhammen
Did it work?


#66

Nope sorry, this is what I have tested:

config Duckdns:
{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "token from Duck DNS page",
  "domains": [
    "secret.duckdns.org"
  ],
  "seconds": 300
}

So without the /ssl/ ports and https

And my config file is
this is in my configurations file:
http:
  base_url: https://secret.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

same error log I’m afraid… :frowning:


#67

Have you opened the required ports on the router, 80, 443 and so on?


#68

Yes, I did the following:

external port 80 to internal port 8123
external port 443 to internal port 8123
external port 8123 to internal port 8123

Which in my opinion should be okay. :slight_smile: But I could be wrong… :slight_smile:


#69

I’ll check my ports when I get home.


#70

80-8123?? Why? 80-80 is generally needed for LetsEncrypt


#71

@DavidFW1960
Because the DuckDNS add-on now supports Let’s Encrypt. And as it uses that “add-on” / addition also, my reasoning was to also open that port.

@Vennerberg
thanks for your help! :slight_smile:


#72

If you’re using the Hassio duckdns addon, you don’t need 80 forwarded at all…


#73

nono,
Forward external 80 to internal 80 (TCP)
Forward external 443 to internal 443 (TCP)
(You might have to remove 8123 to 8123)

Start duckdns addon.

After this, forward 443 to 8123. Remove 443 to 443

Do as the video.


#74

Thanks, will try this tonight; from the office it is a bit tricky to forward ports at home and restart plugins. Will let you know what the result was.


#75

The duckdns addon doesn’t require port 80 regardless of any video.


#76

@Vennerberg
You only need to fwd port 8123. No need to do the other ports. Unless my setup was exempt.
I only have port 8123 forwarded with no issues.


#77

If you say so, great, but isn’t the renewal of certificates done through port 80?
If not, then I’ll close the ports when I come home.


#78

Well I only have port 8123 forwarded and everything including renewals is working just fine.


#79

With the duckdns addon it uses the DNS validation instead of HTTP - that is why it doesn’t require port 80.

Regarding other forwards… if you forward port 8123 to 8123 then you always need to specify the :8123 at the end of the HA URL. If you forward 443 to 8123 then you don’t need to specify any port.


#80

Hi!
@DavidFW1960 seems like you know about the config.

I have a working duckdns. I generated the SSL with no problem.

I did a port forwarding from external 8123 to internal 8123 with the Pi’s internal IP.

Checked that the ip in duckdns was correct with another tool (what is my ip) and it matches up.

I added in my configuration.yaml the following:

http:
  base_url: https://specialurl.duckdns.com:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

(obviously specialurl is not the real section)

Still I get “This site can’t be reached” when I enter https://specialurl.duckdns.com:8123 in the browser.

any ideas?


#81

assuming your indenting is correct, you can try removing the /ssl from the cert and key…


#82

Updated to the correct format.

If I do what you ask in the configuration.yaml file I get the following:

Configuration invalid
Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']. Got 'fullchain.pem'
not a file for dictionary value @ data['http']['ssl_key']. Got 'privkey.pem'. (See /config/configuration.yaml, line 23). Please check the docs at https://home-assistant.io/components/http/