Guide: How to set up DuckDNS, SSL, and Chrome Push Notifications


So for the past three days I’ve been struggling to set up push notifications since the guides miss some pretty crucial steps. I finally got it working and hoping to save someone headache in the future, I’m going to write a quick guide. I’ll likely use this myself if I need to set it up again.


  1. Up-to-Date Home Assistant
  2. Installed on a Raspberry Pi
  3. Used All-In-One Installer

DuckDNS guide

Bruh-automation guide (with video)

  1. Log into your router and go to NAT/Gaming or IP Forwarding or Whatever it might be called. IT is different for each router. You need to forward external port 8123 to internal port 8123 on the internal IP Address of your Raspberry pi.

  2. Find your public IP Address and connect to it on port 8123. For example, if your IP address is 123.456.78.90, type 123.456.78.90:8123 into your browser. Home Assistant should load (If it doesn’t work, try disabling the wifi on your phone and connecting that way. You might only be able to connect properly if you are outside of the network).

  3. Go to and login using your choice of methods at the top.

  4. Enter a name for your subdomain. For this, I will use hass-example making my full domain Don’t worry about setting your IP addresses yet.

  5. Click install at the top, for their guide. Under Operating Systems, select pi and then choose the domain you’re using for your DNS.

  6. SSH into your pi.

  7. Enter the following commands

    mkdir duckdns This will make a directory for the duckdns script.

    cd duckdns Change to the duckdns directory.

    nano duck.shcreate the duck dns script. Note that BRUH and DuckDNS use vi. This is stupid and more complicated than necessary.

  8. Copy the line of code from the install page and paste it into the empty file (If you are using putty, copy the text then right-click in putty to paste). It should look like this:

    echo url="" | curl -k -o ~/duckdns/duck.log -K -

  9. Press Ctrl-X, Y, then ENTER to save the file.

  10. type chmod 700 which lets the script run.

  11. run crontab -e. Copy the following text and paste it into the bottom of the crontab file. */5 * * * * ~/duckdns/ >/dev/null 2>&1

  12. Press Ctrl-X, Y, ENTER

  13. Run the script by typing ./

  14. Check the script by typing `

  15. If it worked, You should see OK on the same line as [email protected]:~/duckdns $. If it says KO, something didn’t work right! Check your work and try again.

  16. type cd to return to the root directory.

  17. Make sure everything is working by connecting your duckdns domain on port 8123, such as Remember to try while outside of your local network. If everything worked, Home Assistant should load!

Let’s Encrypt! guide

Bruh-automation guide (with video)

  1. Open your router configurations again. You need to forward Port 80 to Port 80 on your raspberry pi, as well as port 443 to port 443 on your pi. This is to verify the certificate.

  2. Connected to your pi through SSH, run the following commands

    mkdir certbot to make a directory for the SSL certification bot
    cd certbot to change to that directory
    wget to download the certbot
    chmod a+x certbot-auto to allow the certbot to run.

  3. Edit and paste in the following command to run the certbot. You need to put in your real email address and your duckdns domain.

    ./certbot-auto certonly --standalone --standalone-supported-challenges http-01 --email [email protected] -d

  4. Answer the questions as it poses them to you.

  5. You should get a confirmation that everything went well and that the certificates are in the /etc/letsencrypt directory.

  6. Remove the port 443 and port 80 forwarding from your router.

  7. Type sudo chmod -R 777 /etc/letsencrypt to allow homeassistant to read the certificates.

  8. in configuration.yaml, you need to add thessl-certificate:andssl_key:lines underhttp:` It should look like this

       api_password: YOUR_SECRET_PASSWORD
       ssl_certificate: /etc/letsencrypt/live/
       ssl_key: /etc/letsencrypt/live/
  9. Try to access from outside of your local network. (note that is httpS, not http). If it connects, you did good!

Push Notifications

Almost there!

Terrible Guide

Missing Files Information

Google Verification Information

  1. While connected to Home assistant, under developer tools click the first icon, services

  2. In domain, type homeassistant and in service, type stop

  3. Click call service. This will shut down home assistant temporarily.

  4. type source /srv/homeassistant/homeassistant_venv/bin/activate to activate the Home Assistant virtual environment.

  5. type sudo apt-get install libpython-dev libffi-dev libssl-dev to download necessary packages

  6. Type pip uninstall pywebpush to uninstall an old version, if it is even there.

  7. Type pip install "" to update the package.

  8. When that finishes, type sudo reboot to restart your pi. Log back in to SSH in a few minutes.

  9. Meanwhile, go to and create a new project.

  10. Go to, add your domain as YOU MUST INCLUDE THE PORT.

  11. It will have you verify ownership. Choose “Other” for your domain registrar. Choose Alternate methods, then HTML tag.

  12. On your SSH connection, type sudo nano /srv/homeassistant/homeassistant_venv/lib/python3.4/site-packages/homeassistant/components/frontend/templates/index.html

  13. Copy the meta tag from the domain verification website. It should look like <meta name="google-site-verification" content="opkiwefjhweofashnkja-ojndf32498KDJ_mcILA" />

  14. In your SSH Shell, move the cursor past the <head> tag. press ENTER then right-click to paste the meta tag.

  15. Press Ctrl-X, Y, ENTER to save

  16. Go back to the verification website and click verify. This should verify your ownership of the domain! Go back to and verify that the domain is added. If not, add it again. Since it is already verified, you won’t get forwarded to another site.

  17. Go to and import the project you created.

  18. Click the cogwheel in the upper-left, and select Project Settings

  19. Select the Cloud messaging tab. the server key is your gcm_sender_key and the sender ID is your gcm_sender_id.

  20. Add the following to your configuration.yaml, with the proper information added from firebase added. note that both keys must be encapsulated in single quotes. The API key is long, while the sender ID is short in comparison.

      platform: html5
      gcm_api_key: 'gcm-sender-key'
      gcm_sender_id: 'gcm-sender-id'
  21. Restart homeassistant (either sudo reboot and wait, or do it from Developer services in the Home Assistant interface).

  22. You should now see a notifications slider in the sidebar on the left side. Turn it to the on position

  23. You should get a prompt to allow notifications. Click Allow.

  24. Go to the developer services. for domain, enter notify. for service, choose html5. For service data, enter {"title":"Test", "message":"This is a test"}

  25. In a few seconds you should receive a notification from Home Assistant!

  26. As you add devices, it is a good idea to name them open the html5_push_registrations.conf file in your configuration directory and rename any unnamed device to whatever you wish to name them. Don’t make any other changes to this file.

You’re good to go! Read the usage notes and good luck notifying!

How risky is not encrypting access to my HA instance?
Lets Encrypt on
Duckdns trouble
Push notification html5 for HA
Notify html5 Error after upgrade to 0.45.1
Unable to open <myhomeassistant> site after configuring letsencrypt
Verifying Domain with Google
Hass wont start with ssl_certificate and ssl_key
Addon duckdns+letsecrypt
Upgrading to fresh install of Hassbian 1.23 from 1.1, can I keep the old SD card
I messed up the Lets Encrypt install. How to start over?
DuckDNS Setup
Core-ssh:~/certbot# wget Connecting to ( wget: error getting response: Connection reset by peer
Can't get Let's Encrypt working with Hassio
Cannot connect anymore to hassbian.local

Thanks for this. I had pretty-much given up on getting HTML5 notifications to work. Turns out that pywebpush was not installed and I couldn’t tell from my error that this was the case. Got 'em up and working now.


I actually updated the HTML 5 push notification page a few days ago (and it was recently accepted) to clarify where I had problems. Otherwise, there is enough information there to get the HTML5 push notifications working without being platform specific. (I use Ubuntu 16.04 with my own domain and NGINX as a proxy, so most of your guide needs to be tweaked for me)

The 3 main areas were

  1. you need pywebpush which doesn’t always install by itself.
  2. The SSL certificate has to be valid & not self published
  3. basic auth has to be off to register (it also has to be off for /api/notify.html5 if you want to have actions that can be returned, but I didn’t know that prior to updating the page)

Also, your method has a flaw. When Home-Assistant eventually is updated your html tag is going to be blown away, which google says that it has to stay there to maintain verification. At some point in the future push notifications may stop and you’ll be left wondering what happened. So, now you need a reminder to patch your install every 2 weeks when it gets updated or not accept updates.

You are probably better off throwing NGINX (or any other web server on there) and hosting a file as you’ll never have to update it again. Either that, or waiting until someone completes the feature request for the component to accommodate google verification.


When I was troubleshooting, I actually noticed that it mentioned pywebpush. I was sure it hadn’t mentioned it on Friday. Glad to know I’m not crazy.

I’ll have to figure out how to get nginx installed. I was wondering if it might just stop someday. Thank you for informing me!


3rd week trying to get Google push working…Firefox push is OK for m but stops sending when chrome device registered.

I’ve tried everything in this guide and others but still get api-key error.
Anyone with a hint on this would be appreciated.

Reverse Proxy Nginx
Dependencies installed
Webpush uninstalled and reinstalled manually
Domain verified (my domain)
SSL for domain OK

Thank you


Nginx on Ubuntu is really easy for hosting the Google page, and I would hope it is as easy on rasberry pi. Just follow a guide and once you have the welcome page up just alias /google#####.html to your file.

(Replace the ##### with whatever Google gives you for the file name, there is no reason to mess with regex matches)

Securing Let's Encrypt SSL keys in AIO install: or how not to -R 777?

For me, I had to use the legacy server key to get it to work. The sender Id is the same for both.


Thank you for this! This post helped me get HTML5 notifications working. This would be great in the documents. One question I had with this is, will any future updates to the frontend of HA clear the meta tag?

If it will, I might try to figure out a way to have an automation on system start, check to see if it exists and if not, populate it. Not even sure where to start with that but it was just a thought. I might submit it as a feature request so the meta tag can be added as a new param for the component.


Yes. The change would be overwritten on an upgrade. I made a feature request to have the ability to add meta info via YAML:


Not sure what I’m doing wrong. I get this error when trying to run the script.

[email protected]:~/duckdns$ sudo ./
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0Warning: Failed to create the file /root/duckdns/duck.log: No such file or
Warning: directory
curl: (23) Failed writing body (0 != 2)

Some Alexa Questions

Thank you thank you thank you! I now have remote access enabled, with encryption!

One thing that held me up for a little bit, is that on item 14 of your first section, you included an apostrophe before (or, neglected to close the formatting). Of course, this should be obvious to an experienced user, but may trip up a total neophyte such as myself.


Hi! When I install pywebpush according to your guide, it installs version 0.5.0 for me but then when I try running HA with the notify section added to my config.yaml, I get the following error in the log file:

2017-06-15 13:48:25 ERROR (MainThread) [homeassistant.setup] Not initializing notify.html5 because could not install dependency pywebpush==1.0.0

So I’m assuming a higher version is required? I’ve tried installing 1.0.5 (which seems to be the newest version), but it just installs 0.5.0 anyway.
What am I doing wrong?

edit: I just realized that there is more to the error than I initially saw:

2017-06-15 15:01:34 ERROR (Thread-7) [homeassistant.util.package] Unable to install package pywebpush==1.0.0: Exception:
Traceback (most recent call last):
  File "/srv/homeassistant/homeassistant_venv/lib/python3.4/site-packages/pip/", line 215, in main
    status =, args)
  File "/srv/homeassistant/homeassistant_venv/lib/python3.4/site-packages/pip/commands/", line 335, in run
  File "/srv/homeassistant/homeassistant_venv/lib/python3.4/site-packages/pip/", line 749, in build
  File "/srv/homeassistant/homeassistant_venv/lib/python3.4/site-packages/pip/req/", line 380, in prepare_files
  File "/srv/homeassistant/homeassistant_venv/lib/python3.4/site-packages/pip/req/", line 620, in _prepare_file
    session=self.session, hashes=hashes)
  File "/srv/homeassistant/homeassistant_venv/lib/python3.4/site-packages/pip/", line 809, in unpack_url
    unpack_file_url(link, location, download_dir, hashes=hashes)
  File "/srv/homeassistant/homeassistant_venv/lib/python3.4/site-packages/pip/", line 715, in unpack_file_url
    unpack_file(from_path, location, content_type, link)
  File "/srv/homeassistant/homeassistant_venv/lib/python3.4/site-packages/pip/utils/", line 599, in unpack_file
    flatten=not filename.endswith('.whl')
  File "/srv/homeassistant/homeassistant_venv/lib/python3.4/site-packages/pip/utils/", line 484, in unzip_file
    zip = zipfile.ZipFile(zipfp, allowZip64=True)
  File "/usr/lib/python3.4/", line 937, in __init__
  File "/usr/lib/python3.4/", line 978, in _RealGetContents
    raise BadZipFile("File is not a zip file")
zipfile.BadZipFile: File is not a zip file
2017-06-15 15:01:34 ERROR (MainThread) [homeassistant.setup] Not initializing notify.html5 because could not install dependency pywebpush==1.0.0
2017-06-15 15:01:34 ERROR (MainThread) [homeassistant.setup] Unable to prepare setup for platform notify.html5: Could not install all requirements.
2017-06-15 15:01:34 ERROR (MainThread) [homeassistant.components.notify] Unknown notification service specified


This worked for me after only installing pywebpush version 0.5.0 with the above guide:

(fresh install of Hassbian 1.23 to fix broken Z-wave & mosquitto after upgrades)


Got stuck at step nr 14: Check the script by typing `


The command should actually be: cat duck.log (no “.” between cat and duck).



I’m sorry to bother you guys again but I cannot install pywebpush because of permission issues. I’m using Hassbian (0.47):

(homeassistant) [email protected]:/srv/homeassistant/bin $ (homeassistant) [email protected]:/srv/homeassistant/bin $ pip install “https://github .com/web-push-libs/pywebpush/archive/e743dc92558fc62178d255c0018920d74fa778ed.zi p#pywebpush==0.5.0”

This is the output I get:

running install
running build
running build_py
creating build
creating build/lib
creating build/lib/pyelliptic
copying pyelliptic/ -> build/lib/pyelliptic
copying pyelliptic/ -> build/lib/pyelliptic
copying pyelliptic/ -> build/lib/pyelliptic
copying pyelliptic/ -> build/lib/pyelliptic
running install_lib
creating /srv/homeassistant/lib/python3.4/site-packages/pyelliptic
error: could not create ‘/srv/homeassistant/lib/python3.4/site-packages/pyel liptic’: Permission denied


Does this happen even when you’ve stopped Home Assistant before installing?


Is your ha installed on the pi account? Usually it has its own user, which would mean that you are not running the commands correctly based on the screen dump you’ve posted.


Got stuck on Step 12.

Im on Ubuntu with a simple installation path of /user/.homeassistant/

Where is this /template/index.html? :confused:


I was able to install pywebpush with some info from another post. This works for Hassbian:

sudo su - # Make myself root
source /srv/homeassistant/bin/activate
pip install --upgrade setuptools #Required to fix http_ece errors
pip install