I’m using RPi 4 (4GB) and the HA 109 right now. DuckDNS works fine as an add-on (since day on in november 2019.) I have no issues with other add-ons like Deconz, Node-RED etc.
Unfortunately DuckDNS had outtages for the last month, so that’s why I want to switch to CloudFlare.
Hi,
First, @hars, thanks a lot for your addon. I did pass my HA instance to a secure https has been very easily with your addon.
Second, quick question about the “domains” configuration.
Right now, I only the subdomain of my HA instance (ha.mydomain.ca).
Can I put multiple domain there ? I do have other website (2) running on an IIS server that I host here and I wonder if the addon can handle those ?
If yes, does my dynamic IP will be updated for those subdomains ?
does the other subdomains will be part of the SSL certificate issued by letsencrypt ?
When I’m connected to WiFi from a computer I can go to: https://192.168.x.xx:8123 it complains about an invalid cert but I can still login
http://192:168.x.xx:8123 I get ERR_EMPTY_RESP which I believe is expected since I saw above http will not work if https is enabled.
When I try to configure the local ip address in the HA android app (using https of course) I get an Unable to connect to Home Assistant error. I assume this is because of the invalid cert error I receive. Is there any way around that?
EDIT: I know the simple answer is always to use the external domain name, but in case of internet outage I’d still like to be able to pull up the app with the local IP
Have you tried testing the external domain with the cable pulled from your router? Mine works fine but I am using a pihole install on my local network as DNS and my router has multicast turned on.
I updated today to 0.114.3 and on restart after the update I’m now getting a certificate error. Along with that, because of the certificate error, I can’t use the app at all, local or remote.
I notice on reboot the add-on isn’t running, I start it and everything looks good in the logs but still getting a certificate error. Anybody else seeing this behavior?
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[cmd] /run.sh exited 7
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
The error says the domain doesn’t match. So I went to an SSL checker, and it’s showing the certificate is registered to my old duckdns address? Very odd. The only thing I did was update from 0.114.2 to 0.114.3. So I renamed the fullchain and privkey files to .backup’s and re-ran the addon but it’s not generating new cert files. I also just removed and re-installed the addon, ran it again, log all shows good but the 2 cert files aren’t being generated in the SSL folder.
EDIT: Reading through it looks like I’m now having the same issue as @ASNNetworks had. What was the solution you used to get it working?
I didn’t use a solution, I stuck with DuckDNS, was tired of trying with no results or logs. Might try a snapshot and restore without SSL and DuckDNS add-ons the next time I burn my sd card.
Well I just rolled back to 0.114.2 and I see the fullchain and privkey files are now dated July 15th (As opposed to Aug 21) and the cert passes all tests again with SSL labs and I can access as it should. Absolutely no clue how the cert changed with my old duckdns address??
That said, the currect certificate expires in October, and if I start the addon I’m getting the same log info as above, it just stops at sending all processes the TERM signal which means it’s not actually creating the certificates as it should. There’s no errors being thrown in the HA log. So I worry when October rolls around I’ll be in a mess again. I can’t help but wonder if it’s because the addon uses base_url and base_url is a deprecated feature.
Also, when I start the addon it does not stay running, normal?
Good info, but I don’t think that’s what is happening here.
As a test again, I just renamed the 2 working certificate files as fullchain.perm.backup and privkey.perm.backup and re-ran the addon. No new certificate files are being created, and the log doesn’t change. The add-on also does not stay running which I would assume it should since it needs to update cloudflare with the IP
EDIT: I just took this test one step further. I changed the subdomain in the config which should then create a new A record in cloudflare. Same log output, no new certs are created, and the A record is not created in cloudflare.
@hars any thoughts on what’s happening based on the log?
I uninstalled, re-installed and reconfigured and still getting the same log output.
My certs expire in a few weeks here.
Hi all, apologies for the slow responses. I’m not a power user of home assistant, I just use it with some switches to control a few lights.
I just updated the latest version, deleted my certs and used a completely new domain. Everything worked just fine.
@mrobi it looks like yours is failing here: [cmd] /run.sh exited 7
I’m not clever enough to know what Exit code 7 refers to and after googling, I’m none the wiser.
I would double check your config to make sure there’s no odd spaces or inverted commas. Failing that, have you tried installing the logger add-on to see if there’s more details in there?
Also I’m not sure if you’re on a Mac or not but use Chrome if you need to access the local IP. Safari for some reason just fails immediately but Chrome works.
Exit code 0 means success, any number other than 0 is an error. Unfortunately there’s no set standard to what the number means, it’s set by the program itself.
In my particular case, this add-on worked. I changed nothing in the config. Now it doesn’t. The only thing that’s changed that could possibly affect it is different versions of supervisor and core.
I’ve removed the add-on, re-installed the add-on. Reset config to default multiple times. Removed the existing certs. Tried a new domain. All give the exact same log. The logger add-on doesn’t give any useful info either unfortunately.
You could try to add this code to the run.sh script and see if it outputs where it’s failing:
trap 'catch $? $LINENO' EXIT
catch() {
echo "catching!"
if [ "$1" != "0" ]; then
# error handling goes here
echo "Error $1 occurred on $2"
fi
}
Clone or download the add-on from GitHub, make the change to run.sh (and perhaps the name in config.json so it’s easier to spot) and then dump the entire add-on into the addons folder:
I’ll try to do some testing this weekend but let me know how you get on.