Effortless encryption with Let's Encrypt and DuckDNS

I’m not familiar with VM environments. Since you’ve found the /ssl directory, /config contains the home-assistant.log file. This file should have the error information on why the UI isn’t coming up.

Now I am truly lost. Received my Raspberry Pi today, fresh install and the only thing I tried is install DuckDNS with the above mentioned config and add the “http” section as described above.

And…also no booting up. Haven’t been able to grab the log file since I cannot login anymore. I was able to find the /ssl directory from within the UI using the terminal addon. Since I cannot get into the UI…also no log…

Any further ideas?

So you had the default_config UI once you booted up from the fresh install? Did you attempt to install SSH or Samba?

@Remko Are you using the addon?

Yes, absolutely default, only created a user and installed DuckDNS and FileManager addon.

Added the configs as described…and no boot to UI.

@nickrout: no…did not install any further addon yet.

Is the plan to install SSH/Samba to retrieve the log file when it does not boot to UI?

Yes. SSH to log in to the host and execute commands. Samba gives you easier access to the homeassistant file system used to configure the UI and add-ons.

So, I created a brand new installation again. Installed Samba, Terminal and DuckDNS. Config as provided below. Certificates get generated, I can download those and see that the keys are stored properly.

Again, as soon as I add the 2 http lines in the Configuration.yaml file it does not boot to the UI. Unfortunately there is no information in the log file at all. I let it sit for an hour or so, but nothing happens…

Under the “.config” directory I did find another file called “http” with the following content:

{
    "version": 1,
    "key": "http",
    "data": {
        "ssl_certificate": "/ssl/fullchain.pem",
        "ssl_key": "/ssl/privkey.pem",
        "ip_ban_enabled": true,
        "login_attempts_threshold": -1,
        "cors_allowed_origins": [
            "https://cast.home-assistant.io"
        ],
        "ssl_profile": "modern",
        "server_port": 8123
    }
}

Somehow it seems that HASS already knows where the pem files are. Is the listing in the configuration.yaml really necessary?

I think I need something, since I still get an SSL error when trying to use the address either via the iOS app or when I try to activate my custom Alexa skill…

I use the iOS app, so can comment about how it should work, but no experience with Amazon “Alexa”. What does your DuckDNS log that appears in the add-on log tab show?

NOCHANGE
# INFO: Using main config file /data/workdir/config
Processing xxx.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Mar  7 13:26:41 2021 GMT Certificate will not expire
(Longer than 30 days). Skipping renew!
[19:30:49] INFO: OK

AFAIK I should only need to forward port 443 to 8123 and use https://xxxx.duckdns.org as URL for the iOS App… But then I get an SSL error

I have 443 -> 443 as a forward.

Tried that too… I just can’t figure it out. It cannot be that hard…?

No, it shouldn’t, but there are several threads discussing it here. Took me three tries lasting several hours each to get it all working in my installation. Good luck.

Thanks Gary for trying to help me here. I also tried that port forwarding config, but I think the problem is somewhere else. As I stated…adding the http section to the config seems to be the issue…

Sorry I couldn’t help. Our installations are different enough that what works for me doesn’t for you. You could try asking on Discord.

I did find the solution with some help from the community…I tried to access the UI with http…didn’t use https. I thought internally I could still access it that way, but that was the issue.

I now also set up NGINX to be able to access locally and it now all works…

Thanks again!

This article states “This means that it’s not needed for the user to open any ports!”

Can anyone explain how this remote access works, without opening any ports? [on the router].

I would have assumed that port forwarding would be needed from 8123->8123 or 443->8123, i.e. that we need to open port 8123 or 443 (or some other port) on the internet facing router?

Which article? It probably means using DNS validation for issuing SSL certificate not remote access.

1 Like

Thanks. Referring to the one here, that all these (177) comments are replying to. If you scroll to the top of this very page you will see the reference.

As @DavidFW1960 said, the part about no ports is specific to obtaining the certificate. Not for remote access. When this guide was written in 2018, the only way to get a valid SSL cert for home assistant was using methods that required opening extra ports specific for obtaining the certificate. Ports are still required to be opened to access your home assistant instance remotely.

The DNS-01 challenge is using the DNS record of the domain instead of interacting with the server. This means that it’s not needed for the user to open any ports!

This line is saying that you don’t need to open any ports for the DNS-01 challenge. Not for remote access of home assistant as a whole.

1 Like

Thank you @Silicon_Avatar, that is now very clear.