I set up my RPi with a DDNS through DuckDNS and then setup SSL through Let’s Encrypt. All has been just peachy up until a few days ago, maybe longer as I don’t log in from outside a great deal. However, now when trying to reach HA from outside, I get to the log in page just fine, but when I enter my password it sits there forever and then finally gives me an ‘Unexpected Error’ error message.
I have renewed the SSL certificate and all is good there as far as I can tell, I just can’t log in.
I can use the exact same web address when I am on my home network and can get to HA just fine. I have a couple ideas that I need to try out when I get back home from running some errands, but thought I would post up to see if anyone else had any ideas or has encountered the same issue.
I have seen this as well. I suspect it has to do with this.
I’ve found if I “refresh” the page by pulling it down (android), sometime it takes a couple tries, then it works. Try to completely refresh the page and see if that helps. If you have access to a computer or a way to ping, you could try pinging your HA server to see if it is accessible remotely.
P.S. I added pihole to my HA server and it includes dnsmasq. Changed my home network router to use my HA server IP address for DNS lookup and added my external URL to the host file on my server. This allows me to use the same external URL to access HA inside and outside my home network. Then I just put a shortcut on my phone to that site, and use the shortcut remotely and locally. It also removes the address bar making it look like an app instead of a webpage. Ok, done with off topic rant.
@rpitera I just set all this up not a month ago, so nothing is/has needed updating as of yet, but I did so just to eliminate the possibility. Let’s Encrypt has to be renewed every 90 days, and DDNS is a lot longer as I recall but I do have it set up to do so automatically.
@Kbeesnees, you nailed it. I do not know why that did not occur to me to do. The refresh itself did not work but I was able to clear the history which appears to have done what was needed as I can now get back to the site.
I would be more interested in learning how you did all you have with PiHole and dnsmasq, though if you ever have time to share and how you did so. I have held off making things too permanent in the RPi because I am in the process of setting up a Linux server to take over the duties of the Pi and serve as my storage for my IP Cameras, Samb File server, and a few other things. I have it set up in basic form but I need to get a Bluetooth card in it to take over the presence detection and I may put a dual-port ethernet card in it to do some firewall work.
I will likely, eventually end up with a rack server dedicated to running HA and another with a bit more horsepower to provide other services, Not that I need two to do all that, but it would be fun to play with and set up. However, I am a bit ignorant when it comes to setting up inside/outside URL type stuff. Never had much need for it until I started using HA and now find myself playing catch up.
@StormStrikes, Glad that was it and I could help. Since the caching issue is known now, maybe a fix won’t be too far away.
Setting up the URL actually wasn’t difficult at all. I’m using a Pi3 myself although I like to refer to it as a server. First step is look in your modem settings to see if it will let you change the DNS server. If Yes, you should be good to go. I installed Pi-Hole ad blocker on the pi along with HA. Its very straight forward (similar to the AiO for the HA on the Pi). After you install Pi-Hole, you’re almost done. It will walk you through configuring it with a guide. Make note of the static IP your Pi is using and set that as your DNS server in your modem. This will direct all local DNS traffic through the Pi. My modem let me have more than one DNS server as backup so I set the original as DNS 2. Doing that makes sure if the Pi shuts down, the internet still works. (I have NOT noticed any stability issues or slowness). Last step, edit the /etc/host file and add your external URL. This tells the Pi that anytime it see traffic to that URL locally, find the site locally(because HA is on the same system). Thats pretty much it. If you get stuck, feel free to start a new thread and add me with @Kbeesnees. I’ll be happy to help.
@Kbeesnees, thank you, sir. I can set DNS in my Router as I am running DD-WRT there, from there it goes to another router that more or less just serves as a gateway.
I have seen PiHole before but never did much other than just take a note of it. I might need to get current on it. One last question and I will try not to harass you any further unless I start a new thread. Is there a Linux version of PiHole? Something that would run a Debian or Red Hat type system?
From what I’m seeing on their site along with others is Pi-Hole isn’t limited by architecture. It is only supported on certain OS’s though. Looks like Fedora and Debian are supported so it should run fine on your pi and server.
Are you getting a 403 error when trying to reach HA?
Can you post sanitized URLs you’re using to access while on Wifi and on Mobile?
When I’ve had this issue, I’ve used a second browser I have on my device to access as well and it has worked, leading me to think it still may be a cache issue. I personally don’t like clearing my cache if I don’t have to but that is another option that you could try.
Edit: I’ll see if I have time this weekend to do a start to finish write up under the Share Your Projects section on how I setup Pi-hole to use it for DNS filtering.
I would not know how to sanitize the URL since it’s just that, there’s no sensitive information with it. It’s going over SSL so I have port 443 forwarded to 8123 for the IP address of the PI.
The only error I am getting is the site (my http address) cannot be reached, took too long to respond. No 403’s, 404’s 500’s or anything like that. It’s the same URL for both WiFi and Mobile. The password is not the strongest in the world, but again, I am transitioning over to the server so I was not super concerned about it just yet.
I had someone else try and get to the link and they are unable to either, so I am wondering if its not an issue with DuckDNS.
Without a local DNS filter like dnsmasq on the network I’m a bit confused on how you’d be able to access the system locally with the duckDNS URL unless you have something similar in DD-WRT. I’ve never used it but I wouldn’t be surprised. On my system, I changed the default port for HA and forwarded that to the same port internally.
I generated a new key fro DuckDNS added that to the script file and ran the renewal process, and it works, connects and updates fine. No errors at all. I have done the same for Let’s encrypt. The only thing left I can think of is my router, but it is set up to port forward SSL to the Pi.
It has worked before as I have accessed it while I have been at work
No, I dont have to use the port numbers because I am port forwarded from port 443 (SSL) to port 8123 (HA).
I guess the best way to describe it is that I enter my DuckDNS URL into the address bar using HTTPS. Because of the use of HTTPS that request will hit my router on port 443. That is the Outside network request.
My router then takes that request, since a rule is set up in the port forwarding rules, and sends it to the Raspberry PI running HA on port 8123.
So I went back and re-read some of the conversation. I missed this part and things are making a bit more sense. Sorry for the confusion.
Is the Pi directly behind the DD-WRT router or behind the second “gateway” router? I’m wondering if it might be a firewall/port forwarding issue there.
If directly behind the DD-WRT router, I’m at a loss because it sounds like you have everything setup correctly.
It is directly behind the DD-WRT router. However, the DD-WRT router is the second router on the network. The first router does and is configured for absolutely nothing but to act as a gateway. No firewall, no IP filtering of any kind, no address translation, just take the traffic and pass it to the DD-WRT router.
I agree that it is acting like some kind of forwarding issue, but I have checked all the configs and I am seeing nothing that is standing out to me.
In fact, I use DHCP Reservations so none of the internal IP’s change to prevent any kind of craziness from DNS leases and renewals, etc.
Ahh, So you do have the first router setup with DMZ? Its just being used as modem.
When you connect on Wifi I assume you’re using the Wifi of the DD-WRT.
Last few things I would try, just for testing,
1st
If you have an IPv4 external IP address, verify IPv6 is turned off in the modem and DD-WRT. Verify no IPv6 is set in duckDNS.
2nd
Try to connect directly with your external IP instead of the duckDNS URL.
3rd
Forward the port HA uses to the Pi’s IP address and try to connect with the port at the end with both IP and URL.
Other than that, sounds like you have all bases covered. Not sure where to go from here but I hope someone with other ideas might be able to help. When you figure it out ( I know you will) it would be great to hear the fix.
First step is look in your modem settings to see if it will let you change the DNS server. If Yes, you should be good to go. I installed Pi-Hole ad blocker on the pi along with HA. Its very straight forward (similar to the AiO for the HA on the Pi). After you install Pi-Hole, you’re almost done. It will walk you through configuring it with a guide. Make note of the static IP your Pi is using and set that as your DNS server in your modem. This will direct all local DNS traffic through the Pi. My modem let me have more than one DNS server as backup so I set the original as DNS 2. Doing that makes sure if the Pi shuts down, the internet still works. (I have NOT noticed any stability issues or slowness). Last step, edit the /etc/host file and add your external URL. This tells the Pi that anytime it see traffic to that URL locally, find the site locally(because HA is on the same system). Thats pretty much it. If you get stuck, feel free to start a new thread and add me with 