Looks like you’ve stopped the add-on while it was creating your certificates. Just remove the add-on and install it again.
Damn thought that did it when the log completed but now im back to this error msg bellow when i try to use the duckdns url with https://
But if i just use the url alone it brings me to my router settings page
ERR_SSL_PROTOCOL_ERROR
Either disable remote router management or choose another port.
Remote management will use the default https port (443).
No i have remote management turned off on the router.
you are giving out information very sparingly…
did the duck dns add-on return any errors after restarting it?
can you still access hassio using its device’s local ip (either http://192.168.x.x:8123/ or https://192.168.x.x:8123/)? if so, is it http or https?
is the IP at duck dns identical with your current ip (google “my ip” and compare the result with the IP from the add-ons’ log)?
Well ok, not sure what i did but was in the middle of a large post giving all the details and was switching ports on and off to explain what each instance did and I came accross one that worked without the https://
So now off network i can get to HA using my http duckdns url or internet IP but i do have to add :8123 at the end.
I have ports 443 and 8123 both being forwarded to 8123.
I do feel like going to the http version is less secure though right? Just for shits below is the post I was in the middle of writing when i got to this point.
"Sorry I am new to all this and trying to learn, not trying to be sparse I just not sure what all to post that is helpful. There was no errors after restarting, this is what the log says currently. I can access with the devices local IP with http:// but not with https://
INFO: Using main config file /data/workdir/config
Processing xxxxxxx.duckdns.org
- Checking domain name(s) of existing cert… unchanged.
- Checking expire date of existing cert…
- Valid till Mar 7 06:30:15 2019 GMT (Longer than 30 days). Skipping renew!
Fri Dec 7 19:36:50 GMT 2018: OK
xx.xxx.xx.xx (my internet ip)
NOCHANGE
So current state of things are as follows–
–When I try https://xxxxxxx.duckdns.org it gives me the SSL error I posted earlier
–This is my current configuration.yaml for http
http:
api_password: !secret http_password
base_url: https://xxxxxxx.duckdns.org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
– I have also dropped the HTTPS:// on the yaml file with no change
–Ok as I was writing this post i wanted to check some different port forwarding options again results below
------With Port 80 and 8123 both forwarded to 8123
------HA works with my IP:8123 off network but neither https or http duckdns URL work they give an SSL error
-----With Port 443 and 8123 both forwarded to 8123
Okay, this looks like progress 
Since your duck dns add-on log says everything is fine please set the http configuration like this:
http:
api_password: !secret http_password
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
Make sure you use proper indentation like displayed here and do not add the base_url. Restart hass.io after adding/altering these lines!
Now try again using https://xxx.duckdns.org:8123/. If this does not work try it with the device’s ip (https://192.168.x.x:8123/ - you get an warning then since you use your IP and not the duck dns domain).
Let us know if any of this works.
Nice! I can log in with my https duck dns url both on and off my network. Also Samba still works so i think im golden! You are awesome!
Oh I cannot use the default hassio.local:8123 though is that normal? I guess that doesn’t really matter if i can get access with the HTTPS so this is more curiosity.
OOH and since we are on the subject, is there a way to auto update all the Lets Encrypt so i don’t loose access or is that already set up?
Thank you all again! Im excited to be messing around with all of this and hopefully can contribute soon!
Try the IP address (https + port). You’ll get a warning from the browser but an exception can be added.
This is because the SSL certificate is for your duckdns address not your local IP. You should be able to add an exception to your browser to ignore this.
It should happen automatically.
I can use the IP address as well as the duckdns url both have to have the HTTPS. I cannot access at all without it.
That’s normal.
Awesome, Thanks to everyone again!
Now to move on to the next integration haha, hopefully I dont screw this one up.
Glad you’ve got it working now 
Make sure you get rid of the api_password and only use the username+password (the one you’ve created on the first connection) for your own access and long lived access token for the other integration (when required).
api_password is the old way of authenticating against the system and it’s going away sooner than later.
The port forward 443 → 8123 in your router should no longer be necessary.
And as a final remark you should have a look at the http component documentation especially ip_ban_enabled and login_attempts_threshold when you want to keep hass.io accessible from the internet.
1 Like
Hey @Florian would you mind explaining why removing the base URL worked?
I always thought it was a vital part of the duckdns setup.
If you don’t have the base url you can’t do the integration for IFTTT and probably the short lived access tokens… I don’t think it affects duckdns though…
1 Like
the configured base_url included the protocol and since we’re at the beginning of hass.io usage here, I just wanted to strip it down to the basics (instead of correcting that and the api_password problematic) and make sure we get this solved before talking about optimizations 
1 Like
Yeah I had to add it back in to get IFTTT to work. Added it back in with no issues though, now im just trying to figure out WoL
Reopening an old thread, I’ve run into trouble with remote access via duckdns and I’m trying to follow all of the changes from what I’ve read in this thread, particularly from @Florian
They seem to be:
- remove “base_url” from the configuration so it now looks like this:
http: ssl_certificate: /ssl/fullchain.pem ssl_key: /ssl/privkey.pem
- remove port forward of 443 to 8123
- now try again using
https://xxx.duckdns.org:8123/
Unfortunately no access, either with or without the port number.
The duckdns addon is not reporting any errors.
Thanks
Where did you remove that forward? In your routers configuration? You should have replaced it with a port forward 8123 to 8123 then.
What do you see when you open your URL in a browser? Did you test it from outside your own local network (e.g. by using your mobile device without being connected to your WiFi network)?
I’ve added the port forward 8123 to 8123 and tried again from my phone without WiFi turned on.
On chrome it gives me ERR_CONNECTION_REFUSED, so still no luck.