HASS won't boot after renewing Letsencrypt certificate, think I may have screwed up port forwarding

Probably just a dumb question. My LE cert was about to run out, so I did the usual steps to renew it, reset my ports to what they were, but now I can’t log in. I did notice that when renewing the cert, Letsencrypt on my Pi3 said there was a version update, so perhaps something changed there in the last 3 months. Here are my relevant forwarded ports, can anyone see anything wrong?

I should note that this was a couple days ago. I was running 0.45.1, and the only thing I had changed was the cert renewal. I’ve since upgraded HASS, and it still won’t boot up.

Thanks!

Clear browser cache?

Unfortunately not, broken on multiple computers and multiple IPs. Thanks though

I hate FiOS’ router interface…

I think this is how it should look in the rows:

At least it’s how mine is set up and working. Here’s how you set it up in the rules (you need to be in the advanced view):

This is going from memory; FiOS won’t let you edit a rule/forward/etc. - you can only delete them and recreate them, which goes back to my first comment. LOL

Hope this helps. Been there.

Didn’t work either, unfortunately. I’ll check my config tomorrow. I also have a pre-December 2016 build, if that means anything. Perhaps LE doesn’t work with older HA installs anymore.

That port forwarding interface is pretty dreadful, but certainly it doesn’t look like you are forwarding port 443 to port 8123, which is what you should be doing.

Unless there are some other restrictions on your network you should not need to change your port forwards to renew your certificate. (see the guide *)

Please confirm that homeassistant is definitely running, you just can’t access it?

If it’s not running there are other issues we need to fix before sorting out your certificate. If it is running, check you can access it on 8123 (comment out the SSL options in configuration.yaml), and then follow the guide to get SSL back up and running with automatic renewals.

Yep on both counts!

I’m using a pre-December AIO install, and mine’s working. You just need to go through FiOS’ arcane and crappy interface to make sure you’re forwarding all 443 traffic inbound to port 8123 on the HA host.

Commented out the SSL lines and it boots right up logging in via my local IP. Must be port forwarding, and yes, that interface is trash unfortunately. I’ll check that again and report back. I had switched mine to what @rpitera’s looks like, but I could have done it wrong

Another quick update. Haven’t solved it yet, but I can log in while SSL info is commented out via both ipnumber:8123 as well as duckDNSdomain:8123, but only while port 8123 is open. If that narrows the problem area to SSL, then I could have done something wrong when manually renewing. I’ll definitely set up auto renewal now that I know that exists once I fix it.

With the SSL lines uncommented, try going to the site with Firefox, which sometimes gives more useful error messages. What specifically is the error in the browser when you try to access it with SSL enabled? That might give us a clue whether it is the router or the cert itself.

Another question. Working through the tutorial that @anon43302295 posted, since I used BRUH’s originally and the steps are a bit different. At the step where I posted this line:

$ ./certbot-auto certonly --standalone --preferred-challenges http-01 --email [email protected] -d examplehome.duckdns.org

and it’s asking me for the password for the hass user, know what it is by default? It’s not nothing and it’s not my API password

You’ve missed a step in the guide.

My guess would be that you haven’t done $ sudo adduser hass sudo prior to the certbot stuff.

Looks like that’s working. Oddly, I had to start prefixing every line of code with “sudo” afterwards, but it’s installing now. I’ll keep you posted

Still not working unless I comment out SSL, even after reinstalling certbot via your tutorial. Below is the relevant section of my config file, see any syntax errors by chance?

Also, I turned on logger and found this potentially relevant error in the log.

Do you have the correct file path to the SSL cert files?
Does HASS have access permission to the folder?

I think the error is saying the SSL file is missing.

On lines 117 and 118 you’ve erroneously added an apostrophe at the end of the filenames; this needs to be removed.

Also, as @tmjpugh says, you need to set the permissions for the files as detailed in the guide.
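
Added example, not part of the original posts or of the guide: a small Python check for the two problems raised in the replies above, a stray quote on the `ssl_certificate` / `ssl_key` lines and certificate files that are missing or unreadable. The function name and the sample paths (the usual Let's Encrypt `live/` layout) are assumptions; run it as the user Home Assistant runs under so the readability result reflects that user's permissions.

```python
import os
import re

SSL_KEYS = ("ssl_certificate", "ssl_key")

def find_ssl_problems(config_text):
    """Return [(line_no, key, problem)] for SSL options under the http: section."""
    problems = []
    in_http = False
    for no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue                               # blank or commented-out line
        if not line[0].isspace():                  # a top-level key opens a new section
            in_http = line.startswith("http:")
            continue
        m = re.match(r"\s+(\w+):\s*(.*)$", line)
        if not (in_http and m and m.group(1) in SSL_KEYS):
            continue
        key, value = m.group(1), m.group(2)
        # A quote on only one end of the value is the typo from the thread:
        # YAML then treats the apostrophe as part of the filename.
        if any(value.startswith(q) != value.endswith(q) for q in "'\""):
            problems.append((no, key, "unbalanced quote"))
            continue
        path = value.strip("'\"")
        if not os.path.isfile(path):
            problems.append((no, key, "file not found"))
        elif not os.access(path, os.R_OK):
            problems.append((no, key, "not readable by this user"))
    return problems

if __name__ == "__main__":
    # Constructed sample config; the paths are assumed, not taken from the thread.
    sample = """\
http:
  api_password: example
  ssl_certificate: /etc/letsencrypt/live/examplehome.duckdns.org/fullchain.pem
  ssl_key: /etc/letsencrypt/live/examplehome.duckdns.org/privkey.pem'
"""
    for line_no, key, problem in find_ssl_problems(sample):
        print(f"line {line_no}: {key}: {problem}")
```
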

Well some combination of redoing permissions and removing those apostrophes got rid of the error message in my log, and any other errors as there aren’t any now, but I’m still getting “unable to connect” when trying to get in.

Could just be port forwarding now. Here’s all I have open, should I open any more to debug?

That interface is horrible.

You need to forward as follows:

Port 80 from the outside world -> 80 on your pi
Port 443 from the outside world -> 8123 on your pi

(it looks like you’re forwarding 443 to 443 from what I can see)

Was away a couple days and thought I’d follow up on this. I actually just made progress. Found a tutorial that suggested I try completely deleting any letsencrypt directories and reinstalling. I did that, and while HASS won’t load on URL.duckdns.org, it actually loads at URL.duckdns.org:8123. Is there any way to remove the need for the port at the end?

Yeah, that’s what forwarding 443 to 8123 does. You can then just type https://URL.duckdns.org