Help with duckdns, nginx

djtommye · January 15, 2019, 2:31pm

I set up duckdns the other day, and used the built-in Let’s Encrypt SSL component. I then started getting some error like TLSV1_DECRYPT_ERROR in my log every 500ms.

After researching, I discovered I should also be using nginx. (but without the duckdns Let’s Encrypt - which I didn’t realize). So I set up nginx, but now I can’t reach my installation at all over https. Doing so, I get the error

hassio.local:8123 uses an invalid security certificate. The certificate is only valid for .duckdns.org. Error code: SSL_ERROR_BAD_CERT_DOMAIN

What’s the proper solution? I can’t log in to the UI to disable nginx.

flamingm0e · January 15, 2019, 2:36pm

with what domain name?

Yes…because your certificate is pointing to your domain name that you configured duckdns with.

Use one or the other, or configure the NGINX reverse proxy with your DUCKDNS hostname, and access the page with your duckdns URL.

Can you elaborate on why you should be using nginx also? And what settings you thought you needed?

Can’t you still bypass the cert error and go in? or disable the add-on from command line? or even edit the config file for it?

djtommye · January 15, 2019, 2:56pm

@flamingm0e Thank you for helping…

I set up duckdns and everything seemed to be working okay. But I was getting that decrypt error in my log every 500ms. I also realized that my konnected.io component was not talking to my ha installation now. After doing some searching, I read that I should have set up duckdns without Let’s Encrypt, and used ngix instead.

Well, dumb me - I set up ngix and didn’t see if I could remove the encryption from duckdns. So logging in, I was getting a certificate error that the certificate was only valid for domain.duckdns.com

I finally realized ( a momemt ago) that I was attempting to log in to http:// not https:// - so now I am logged in to hassio.

What should I do to remedy this situation? Any help would be greatly appreciated! Thank you in advance.

flamingm0e · January 15, 2019, 3:03pm

If you want to use NGINX and SSL certs, I recommend having NGINX handle the certificates, and reverse proxy to your HA over HTTP. This will allow all devices externally to use valid certs, but allow internal devices to talk HTTP locally. I would do this only if you trust your Local Network.

djtommye · January 15, 2019, 3:30pm

Do you know if a resource that describes how to configure as such?

adrkable · February 15, 2019, 6:16am

This doc made it super easy to setup in 5 mins.

ArisSaraiva · August 20, 2019, 6:16pm

Hello,
I´m trying to use duckdns and nginx with the second one handling the SSL certificates, I´ve already uncomment the http part in yaml leaving only my domain, but when I Started nginx it gave me this error:

"[INFO] Running nginx...
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx.conf:45"

anyone knows what I´m doing wrong?

rgds

Palmer_Duckworth · August 28, 2019, 12:08am

I am getting the same error

ArisSaraiva · September 5, 2019, 5:18pm

anyone solve this?

Mutt · September 5, 2019, 5:39pm

I’ve recently been through the 9th circle of hell that some call duckdns
And ALL the problems were my fault
it should be really simple, have a look at DuckDNS - It's not just me - it's you! There is one post in there that describes everything you need to do
Regards
Mutt

mbovell · July 2, 2020, 6:42pm

Thank you, finally got this working. I’m new to HA and I find the documentation to be all of the place.

ThaNerd · January 19, 2021, 2:06am

I’m using IDE and TasmoAdmin both require a URL in the iframe config (Ports 9541 and 8321) but no matter what i put there (duckdns or local IP) i can’t get it to work from the hassio Android app. It works if i use the local IP in my browser: http://192.168.1.xxx:8321/ide.html

I’m using Nginx Proxy Manager