Hass.io with DuckDNS and DNSMasq Won't Serve UI

I have made my Hass.io accessible via DuckDNS addon with LetsEncrypt SSL. For the most part this worked (although requiring SSL breaks pretty much everything else like Node Red editor and Configurator).

Of course this immediately caused the next common problem that my router doesn’t support loopback, and I didn’t want to use two different URLs. Next I installed the DNSMasq add-on and configured my router to use the Hass.io IP as a DNS server; the secondary is Google public DNS.

At this point I hit problems. While connected to my local network using the https://myhass.duckdns.org address I am able to reach the old UI, but as soon as I change to Lovelace the UI just shows the HA logo and says "Unable to Connect" with a retry button that does nothing.

Does Lovelace UI not work on the local network with DuckDNS/Letsencrypt SSL and DNSMasq? Connecting from my phone over 4G, Lovelace is served properly.

Also it should be mentioned that DuckDNS and Android Chrome “add to homescreen” doesn’t work properly. `Manifest.json` must not install correctly because the home screen icon opens in the browser instead of app mode. Can anyone confirm this?

I have also wasted countless hours trying every combination of settings to get my Node Red and Configurator iFrames working with no luck, but I guess that’s another topic.

After some more investigation, sometimes it will actually load, but only once.

After the initial loading if I press the browser Refresh button, then I get the response below and I can’t get back to the UI.

[Image: hass-error]

Here are the errors when using DNSMasq on my local network to reach the Hass UI. If I type the IP address I only have the SSL error of course. Connecting to Hass via 4G works as well.

Why would getting redirected by DNSMasq create so many promise errors?

[Image: hasserrorslocal]

No ideas how to fix this?

Can someone at least give me a hint how to troubleshoot this? There is nothing in ANY of the hass.io logs.

I believe I found the problem and it’s actually with how my router handles DNS. From what I can tell my router does not always use the primary DNS server first. As soon as I set my router with ONLY DNSMasq as the primary and no secondary everything is working.

If any network experts have any idea why this might happen it would be nice to know, because according to documents on how DNS should work this isn’t correct. Perhaps there is a bug in my router firmware…
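
A way to check the behaviour described in this thread, added here as an example and not part of the original posts: ask each configured resolver directly for the hostname and see whether it answers with the LAN address or the public one. The address `192.168.1.10` is an assumed stand-in for the Hass.io/DNSMasq host, and `8.8.8.8` is used for the Google public DNS secondary.

```python
import ipaddress, socket, struct

def build_query(name, qid=0x1234):
    """Encode a minimal DNS query for the A record of `name`."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    """Return the offset just past a name (a compression pointer ends it)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """Extract IPv4 addresses from the answer section of a DNS response."""
    qd, an = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4           # name + QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off) + 10          # name + fixed RR header
        rtype, rdlen = struct.unpack(">H6xH", msg[off - 10:off])
        if rtype == 1 and rdlen == 4:           # A record
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return addrs

def classify(addrs):
    """'none', 'local' (all private), 'public' (no private) or 'mixed'."""
    private = [ipaddress.ip_address(a).is_private for a in addrs]
    if not private:
        return "none"
    return "local" if all(private) else "mixed" if any(private) else "public"

def ask(server, name, timeout=2.0):
    """Query one resolver over UDP, bypassing whatever order the router uses."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_a_records(s.recv(512))

if __name__ == "__main__":
    for server in ("192.168.1.10", "8.8.8.8"):  # assumed DNSMasq host, Google DNS
        try:
            print(server, classify(ask(server, "myhass.duckdns.org")))
        except OSError as e:
            print(server, "error:", e)
```

If the two resolvers disagree ("local" from DNSMasq, "public" from the secondary), any client whose lookup lands on the secondary gets the public address, which cannot be reached from inside a network whose router lacks loopback.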