Help with port forward on Unifi

I have had HA working great for a long time, probably a year, with DuckDNS and Let's Encrypt. About a week ago it stopped working. I have been fighting with this for a week, talked to people on Unifi boards and opened a ticket with no luck. I can access the https DuckDNS address inside my network fine. If I take my phone off wifi and try, it does not work. If I do a port check it tells me 443 is closed. I did some troubleshooting where it looked like traffic was actually passing my router and it looked like the server is actually blocking it? I could be wrong. I restored a backup of HA from a while back when I knew for sure it was working good and still no luck. I'm going crazy, PLEASE help.

Give us a few more details.

What have you changed/messed with - eg settings on the unifi, settings on the hass instance?

Which Unifi product(s) are you using? Have you updated the controller version (maybe you have auto updates turned on?)

Show us a screenshot of how you have the port forward setup?

etc

The only change I made was I added a Unifi NVR and some cams. I have tried disconnecting that from the cloud service and shutting down the VM completely.

I have a USG (router) at the current version, wasn't upgraded recently
2 24-port Unifi switches stacked, at current version, recently upgraded
2 8-port Unifi switches, current and not recently upgraded
2 AP Pros, current, without recent upgrades
Controller is at 5.6.30, the most current stable version. I keep backups and reverted my controller back to about a month ago and that did not solve the problem.

I run HA in Docker in an Ubuntu VM; it's been that way for quite a while. That's the most stable setup I've had with HA actually.

It was at 62.1 or whatever the current is. I actually reverted back to 59.2 last night to test; I found 59.2 to be really stable and stuck with that for a while, so I just tried to see…

I'm so lost, I've never had any issues like this; Unifi forwarding is as straightforward as it gets. I would be able to create new VMs, move the SSL keys to the new VM and change the forward IP and it would work every time. I didn't even move it recently though, it was working fine, then I noticed my home / away automations weren't working and I had lost my outside access. I went to just get a new cert and now Let's Encrypt won't even let me do that, I get an unauthorized message.

I do run my own DHCP / DNS / AD but I have no issues anywhere else but with this.

Another really odd thing is my TTS works. I use Amazon Polly which I believe requires SSL…?

That's quite a setup. Fairly similar to mine; I also run a Unifi USG, switch, and APs. I have HASS on an Arch Linux VM, and also run my own DNS. However, I purchased a domain name and static IP so that I don't have to muck around with dynamic DNS.

Sounds like you’re familiar with how everything hangs together on the network side.

From the symptoms, it does sound like something has actively started blocking your port forwarding.

Have you isolated the issue to just your ports forwarded to HASS? Do you have ports forwarded to any other devices? I'm not familiar with the TTS acronym.

With the internal access working, does your DuckDNS address resolve to an internal IP, or does it resolve externally and therefore use the loopback on the USG?

Might sound silly, but have you deleted and recreated the forwards on the USG? Maybe something has corrupted in the config.

What if you try https://wan_ip:port directly when not on wifi? Does that work?

Is hairpin NAT enabled?
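The three questions above (what the dynamic DNS name resolves to from inside the LAN, whether the WAN IP works directly from outside, and whether hairpin NAT is in play) can be answered in one pass from a shell. The script below is an added example written for this thread, not something posted by either participant or shipped by Unifi or Home Assistant. It assumes a POSIX sh with `getent` and `curl` available; the hostname, port and WAN IP are placeholders you pass in yourself, and `classify_path` reports which path a LAN client actually takes, which tells you whether "works inside, fails outside" even exercises the USG forward at all.

```shell
#!/bin/sh
# Added diagnostic helper for a "port forward works inside, not outside" report.
# Not from the original thread; assumes POSIX sh, getent(1) and curl(1).

# is_private_ip IP -> exit 0 for RFC 1918 or loopback addresses, 1 otherwise.
is_private_ip() {
    case "$1" in
        10.*|192.168.*|127.*)                    return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)    return 0 ;;
        *)                                       return 1 ;;
    esac
}

# classify_path RESOLVED_IP WAN_IP -> prints how a LAN client reaches the name.
#   internal : split-horizon DNS hands out a LAN address; the USG forward is
#              never exercised from inside, so "works inside" proves nothing.
#   hairpin  : name resolves to the WAN IP; inside access only works because
#              the USG loops the traffic back (hairpin NAT).
#   mismatch : name points at neither; suspect a stale dynamic DNS record.
classify_path() {
    resolved="$1"; wan="$2"
    if is_private_ip "$resolved"; then
        echo internal
    elif [ "$resolved" = "$wan" ]; then
        echo hairpin
    else
        echo mismatch
    fi
}

# check_tls HOST PORT -> exit 0 if a TCP connect and TLS handshake complete
# within 5 s. -k is used only because the diagnostic is about reachability,
# not certificate validity; drop it once the cert question is back in play.
check_tls() {
    curl -sS -o /dev/null --connect-timeout 5 -k "https://$1:$2/" 2>/dev/null
}

# diagnose HOSTNAME PORT WAN_IP -> run the three checks and print a summary.
diagnose() {
    host="$1"; port="$2"; wan="$3"
    resolved=$(getent hosts "$host" | awk '{print $1; exit}')
    echo "$host resolves to: ${resolved:-<unresolved>}"
    echo "path from LAN    : $(classify_path "${resolved:-0.0.0.0}" "$wan")"
    if check_tls "$host" "$port"; then
        echo "TLS to $host:$port : OK"
    else
        echo "TLS to $host:$port : FAILED"
    fi
    if check_tls "$wan" "$port"; then
        echo "TLS to $wan:$port  : OK (forward reachable via WAN IP)"
    else
        echo "TLS to $wan:$port  : FAILED (run this from off-net to rule out hairpin)"
    fi
}

# Placeholder invocation: set RUN_DIAG=1 and pass your own values, e.g.
#   RUN_DIAG=1 sh diag.sh yourname.duckdns.org 443 203.0.113.7
if [ "${RUN_DIAG:-0}" = 1 ]; then
    diagnose "${1:-yourname.duckdns.org}" "${2:-443}" "${3:-203.0.113.7}"
fi
```

Run it once from a LAN host and once from a phone hotspot or other off-net connection. If the LAN run reports `internal`, inside access bypasses the USG entirely and only the off-net result says anything about the forward; if it reports `hairpin` and inside access works, the forward rule itself is fine and the problem sits on the WAN side (the ISP, an upstream modem, or a USG change that only affects inbound WAN traffic).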

Did you solve this? Having the same problem with my Unifi :frowning: