So it is not possible to open HA without the https protocol locally right?
So how do you open HA after installing letsencrypt while being in the home network?
When I open it via https://ip_adress_ha:8123/states, than I often get a weird message that tells me that there is a problem with the certificate (IOS) or the Kaspersky warns me to open that page.
What am I doing wrong?
If I open it locally via duckdns.org it often takes longer, Hass.io does not open (no https) and sometimes it lags so much I have to refresh.
I also realized that I had both addons installed, letsencrypt and duckdns, and that this is wrong because duckdns has letencrypt included.
So the reason why I am confused now are two things.
Will the certificate automaticalle renew with the duckdns script or do I have to add something?
Is it save to use the port 8123? I that now that much about this stuff so I need a little help. The guide above tells you to use port 80. Is there any difference between those ports?
how do you have your port forwarding set up now? what address do you use to access your HA from outside (don’t give the full dns name, just an example)? is it just the duckdns name or do you normally add a port to the end?
I would get rid of/uninstall the duckdns & letsencrypt stuff (or restore your SD card from a good known backup if using a Raspberry Pi) to get back to a basic installation and see if you then have access to the HA externally at http://…:8123 and if you can SSH into the machine.
then once you know that’s working again then move forward from there to get duckdns set up.
Other than that it’s all I can think of doing right now.
Do I have to decide which adress I open? I can’t open HA via duckdns when my iPhone is in local network. I can open the local website. Sometimes I get the Error on my phone: "FetchEvent.respondWith received an error: Type Error: certificate not valid.
While I have the option to ignore this messages on my pc/mac, it is not on my phone. It’s awkward that even I do change nothing, it will be possible to login locally via the phone later.
How do you guys login to HA. Do you choose the localadress for being at home and the public one while being away? This is not really handy, as it would be preferable not thinking about this at all and simply open one website.
No, I allow the address to resolve via its external IP address, and since my router supports NAT loopback, the web interface can be resolved without going any further than my local router. From HA’s perspective, the clients address is the router’s local IP, not the client but otherwise works fine.
if your router does not support NAT loopback this will not work.
The only way around it would be to use the local address you’ve done and ignore the certificate errors, or, install you’re own local DNS server, and create a local record for your duckdns domain name.
Ok thanks. I just checked that. My router does not support NAT loopback. Many other users did already complain about that.
However I use an Apple Airport Router linked to the Router from my Provider. So the Provider-Router links to the internet and hands it over to the Apple Router. Bevor I had a Double-NAT system, where both Routers hat different IPs (the first three numbers XXX.XXX.XXX.YYY). I changed that because of duckdns. It did not work with the double-nat network. Also this was an error from my apple router I ignored long time.
The reason why I explain this: Is there a way to use the Apple Router for NAT loopback.
Maybe it is possible to setup bridgemode at the Provider device and let the AppleRouter manage everthing else. The thing is the Provider-Router does support duckdns, which Apple doesn’t and I the duckdns thing will not be possible when the Provider-Router is in Bridgemode (not knowing if this one is able to do that.)
I think I’ll have to pick option one as option to sounds to sophisticated for me.
You’ll need something to host it on, what have you got?
If your using a rpi, you could install pihole and then create a static dns entry. You would setup the pihole server to forward dns requests to your router and then change your router to issues DHCP leases with the pihole as the DNS server. Static IP devices you’d need to change manually.
add my local IP from my raspi (where dnsmasq runs) to the dns settings of my router (instead it would also be possible to add the the ip in the dns settings of each device (smartphone, laptop etc.) but I think adding it to the router is less work and future devices will just work without changing the settings