Hass.io 1.13 DuckDNS HTTPS certs not reachable

Installation Home Assistant OS
1

I have read numerous posts on DuckDNS issues, most are resolved by simple typos and following the directions. I’ve spent days trying to get this to work, but no success.

I’m running HassOS 1.13 on a Pi 2B, with an Arris router from Spectrum. I’ve installed the DuckDNS add-on using the most current instructions. The DuckDNS install and config runs successfully no issues. I can access my web UI using my internal IP 192.168.0.XX:8123, but not https:// 192.168.0.XX:8123. I have also tried a host of different port forwards. such as 443-443, 443-8123, 80-80, 8123-8123 (no all at the same time) and have even set the Pi to DMZ, but I can’t access the UI via the XXX. duckdns. org domain names. I’ve tried them with HTTP/HTTPS and with and without the 443 and 8123 ports on the end. When I run SSLShopper’s SSL Checker it shows my duckDNS is making to my external IP, but is unable to locate the certificates (see results below). I have checked the /ssl folder and both certificates are there. I think I have also ruled out any port forwarding issues, because I set my Pi as DMZ on the router ans still had the same problem, even when using the ports.

The feeling I get is it’s not a network issue (due to DMZ status), but the web just can’t find the certs.

Here are my configs:

NOTE: I had to put spaces is everything that looks like a link, because as a new user I’m limited to 2 links per post. They aren’t actually links they are just the entries in my config files.

SSL Checker results

xxxxx-01.duckdns.org resolves to 70.112.XXX.XXX

No SSL certificates were found on xxxxx-01. duckdns. org. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server’s firewall.

DuckDNS:
{
“lets_encrypt”: {
“accept_terms”: true,
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”
},
“token”: “XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX”,
“domains”: [
“XXXXX-01. duckdns. org”,
“XXXXX-01. duckdns. org”
],
“seconds”: 300
}

configuration.yaml
http:
base_url: XXXXX-01. duckdns. org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

NOTE: I’ve tried with and without the base_url line

DuckDNS Log

INFO: Using main config file /data/workdir/config

  • Account already registered!
    Wed Dec 19 04:46:39 UTC 2018: OK
    70.112.196.214
    NOCHANGE

INFO: Using main config file /data/workdir/config

Processing xxxxx-01. duckdns. org with alternative names: xxxxx-01. duckdns. org

  • Checking domain name(s) of existing cert… unchanged.
  • Checking expire date of existing cert…
  • Valid till Mar 19 03:43:58 2019 GMT (Longer than 30 days). Skipping renew!
    Wed Dec 19 04:51:46 UTC 2018: OK

If anyone has any suggestions I’m definitely interested. There is a lot of info on how to do this but much is dated (old) or not dated at all and very little on how to trouble shoot. It’s all do this and it works. :slight_smile:

2

Do you have ip_ban_enabled: True in your configuration.yaml? If so, its possible that your external access got blocked. Which is what happend to me yesterday. I spent quite a while before I remembered to check the ip_bans.yaml file and clear it.

3

Unfortunately no, my configuration.yaml file doesn’t even have that parameter. My configurator config has an ip ban function: Which bans google DNS by default.
],
“banned_ips”: [
“8.8.8.8”

I tried changing the IP in that and it had not effect. I’m really tempted to just set up an nginX proxy on a separate server and leave this one unsecured. :slight_smile: But thanks for the help.