Hi,
I’m attempting to play media from Home Assistant to an ESPhome device in my network. When I set my HA config to use http then media playback works just fine. When I set my config to https / SSL I get an ERR_CONNECTION_REFUSED error. This happens both when I play to the ESPhome media player for this device, and when I access the media URL in a browser on a laptop in the network.
I am using the DuckDNS add-on for dynamic DNS and SSL certificate. Https access to Home Assistant works just fine from a browser and the HA Android app, both from internal to my network and external.
As a test I am attempting to access this media playback URL (which I got from my ESPhome devices’ logs when I attempt to play a file from HA media player): https://mydomain.duckdns.org/media/local/StarWars3.wav?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJlNWIzN2I5MTcxYWE0MzFjYjFlNTZlZTM3MWEzMDY4MiIsInBhdGgiOiIvbWVkaWEvbG9jYWwvU3RhcldhcnMzLndhdiIsInBhcmFtcyI6W10sImlhdCI6MTcyNjY0MDkzOSwiZXhwIjoxNzI2NzI3MzM5fQ.8DklPZTeefmuD7coeNuV5_E9fQZeHzl4mIP5eqqwjac
Somehow it seems that when I access that media playback URL, there is something wrong with the certificate (or authSig token) so that the https connection gets refused by HA. Unfortunately my understanding of SSL and certs is quite spotty. I have tried everything I can think of and am stuck. I would appreciate any help or ideas so that I can continue to troubleshoot this. Thanks in advance!
Here are my configurations:
Home Assistant URL:
Internet: https://mydomain.duckdns.org
Local network: https://mydomain.duckdns.org
I have set up port forwarding in my router:
https external port 443 to internal HA IP port 443 / TCP
https external port 443 to internal HA IP port 443 / UDP
http external port 8123 to internal HA IP port 8123 / TCP
configuration.yaml:
http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
DuckDNS add-on config:
domains:
  - mydomain.duckdns.org
token: 63xxx357-xxxx-xxx-xxxx-xxxxx8a36x06
aliases: []
lets_encrypt:
  accept_terms: true
  algo: secp384r1
  certfile: fullchain.pem
  keyfile: privkey.pem
seconds: 300
DuckDNS restart log:
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service duckdns: starting
s6-rc: info: service duckdns successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[08:35:53] INFO: Starting DuckDNS...
[08:35:53] INFO: Renew certificate for domains: mydomain.duckdns.org and aliases:
# INFO: Using main config file /data/workdir/config
Processing mydomain.duckdns.org
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Dec 8 15:39:34 2024 GMT (Longer than 30 days). Skipping renew!
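
One way to rule the authSig token in or out, as an added example that is not part of the original post: it decodes the JWT from the media URL quoted above and reports which path it covers and when it expires. The signature is not verified because the signing key is not on the page; the function name and the `now` parameter are assumptions made for this example.

```python
import base64
import json
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Media URL exactly as quoted in the post.
MEDIA_URL = (
    "https://mydomain.duckdns.org/media/local/StarWars3.wav?authSig="
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJpc3MiOiJlNWIzN2I5MTcxYWE0MzFjYjFlNTZlZTM3MWEzMDY4MiIsInBhdGgiOiIv"
    "bWVkaWEvbG9jYWwvU3RhcldhcnMzLndhdiIsInBhcmFtcyI6W10sImlhdCI6MTcyNjY0"
    "MDkzOSwiZXhwIjoxNzI2NzI3MzM5fQ."
    "8DklPZTeefmuD7coeNuV5_E9fQZeHzl4mIP5eqqwjac"
)


def b64url_json(segment):
    """Decode one base64url JWT segment (padding is stripped in JWTs)."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_signed_url(url, now=None):
    """Return the unverified claims of the authSig token in `url`."""
    parts = urlsplit(url)
    token = parse_qs(parts.query)["authSig"][0]
    header_b64, payload_b64, _signature = token.split(".")
    header = b64url_json(header_b64)
    claims = b64url_json(payload_b64)
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(claims["exp"], timezone.utc)
    return {
        "alg": header["alg"],
        "signed_path": claims["path"],
        # The token is only meaningful for the path it was issued for.
        "path_matches": claims["path"] == parts.path,
        "issued": datetime.fromtimestamp(claims["iat"], timezone.utc),
        "expires": expires,
        "lifetime_s": claims["exp"] - claims["iat"],
        "expired": now >= expires,
    }


if __name__ == "__main__":
    for key, value in inspect_signed_url(MEDIA_URL).items():
        print(f"{key}: {value}")
```

A query parameter such as authSig is only read once the TCP connection and TLS handshake have completed, so the claims printed here matter for HTTP-level rejections rather than for a connection that never opens. Until the `expires` time the URL works as a bearer credential for that one path, so treat it like a password when sharing logs.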