Help with "Certbot"/Let's Encrypt for remote access

seen it and it doesn't help :frowning:

I ran through the few notes I kept on this and compared it to what was in the video and what steps you outlined above.

I don’t have anything about disabling 8123 forwarding until AFTER I got a valid certificate. I forwarded the same ports as you, same way, for the certbot procedure, then I changed forward on 443 to the Pi’s 8123 port.

I have something in my notes about Apache - it might be worth checking to make sure you don’t have another service running on 80 or 443.

I’ve dug through a number of searches on the Let’s Encrypt support site but I couldn’t find anything that seemed to apply to your situation. Most of them were authentication failures from the DNS host, but you’re using duckdns and that should be set up to pass through fine by default.

thought about that too.
i can reach my fritzbox settings from the outside.
to be sure that's not the problem i turned that off.
i turned off hass, dashboard and appdaemon this morning too.

i think that the big problem lies in the fact that the duck.sh finds another (outside) IP address and gives that to duckdns, than the outside ip address i see in the fritzbox.
why?? what could be the reason that the RPI thinks that the outside address is something else than what the fritzbox says?

Maybe check host file on the Pi?? Also look at ifconfig.

host file???
ifconfig??

If you type ifconfig at the command line of your Pi, it will show you the interface configuration (network set up). That will tell you how things are routed and what’s active and what not. Link explains some of this despite the title.

https://www.modmypi.com/blog/tutorial-how-to-give-your-raspberry-pi-a-static-ip-address

Host file - etc/hosts. This link talks about the host file and how to edit it.

in all the tutorials they say to forward 443 to 8123 AFTER you have the certification.
before that it should be 433 to 433 (according to tutorials)

but i tried it with 433 to 8123 also and still it doesn't work.


thanks, rob, i will try it out.

Before you get your cert, it should be 443 to 443. 443 is the standard SSL port. I thought you just mistyped so I didn’t say anything figuring that you knew this but @anon35356645 is correct to point this out if that is the actual port you are using.

am i typing chinese today?
i think we both say the same :wink:

as long as you don’t use a 443MHz transceiver :smiley:

i haven't given my RPI a static IP because i told the router: never change the IP address for this device.
i don't see that that should cause a problem. (don't want to test that because i would have to change the IP outside the DHCP range and then edit all kinds of configfiles, dashboard, appdaemon, hapush, etc.)

ifconfig shows normal stuff. internal address etc.

hostfile doesn't show anything out of the ordinary. i could change the name but i have only 1 RPI running so no need there.

nslookup keeps showing the right outside ip address now.
and without cert i can reach HA with duckdns.

it should also be possible to use the ha root instead of the standalone to retrieve the cert.
but where is my HA root?

tried my way around in the fritzbox.

ending up with that now if i go to:
https://mydnsname.duckdns.org
i get my fritzbox page.

so it is probably some problem somewhere inside the fritzbox (7360).
but how to solve could be quite a big problem.

We got that far. We’ll just have to research some more. :wink:

I’ll see what I can find…

problem found (but not solved yet)

problem lies with the provider.

I saw your other thread. In fact I tagged it for you so you’d get a better response. At least at this point all you have to do is talk to your ISP. That’s great news, Rene!

yeah, but i thought it would be wise that i write it here also for future reference :wink:
you'll never know if another gets the same problem.

i have sent a mail to my provider, hoping they have a solution :wink:

No, you absolutely did the right thing. In fact, you could even link the two threads to make it even easier for people to find the solution.

Keep me posted; I’ve been biting my nails between you and @turboc on his rebuild!

good plan so here is the link to the other topic.

Rebuild Done. :slight_smile: Going to do it again (maybe) to better document it.

have fun :stuck_out_tongue: