Http: in configuration.yaml causes duckdns and login issues

I am new to HA and have only set up a static IP in my router (I had issues with the USB method). This works perfectly until I continue further. I follow the video and other videos on setting up duckdns and something really odd happens (#).

First let me tell you what I have done. Fresh config on SD card (latest from hassio web). After 20 min, log in to HA. All good. Load add-ons configurator and duckdns. I have the duckdns token from doing this prior. Modify the config for duckdns.
{
"lets_encrypt": {
"accept_terms": true,
"certfile": "fullchain.pem",
"keyfile": "privkey.pem"
},
"token": "xxxxxxxxxxxxmy_tokenxxxxxxxxxxxxxxxxxx",
"domains": ["mine_here.duckdns.org"
],
"seconds": 300
}

All good. Here is where it goes south. I modify the configuration.yaml
http:
base_url: https://mine_here.duckdns.org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

As soon as I remove the # in front of the http: I am never able to log back in post reboot using (http://my_ip:8123, https://my_ip:8123, http://mine_here.duckdns.org:8123, https://mine_here.duckdns.org:8123)

I am not 100% sure but it seems that the local network attempts should work. The duckdns should not until I port forward 8123 and 443.

I have done this dozens of times. I was able to get duckdns to work http://mine_here.duckdns.org:8123 (not secured) but I had to change the configuration.yaml to include the # and change to http://mine_here.duckdns.org:8123 (I think this means my port forwarding works but not https (443)). Example below

http:

base_url: http://mine_here.duckdns.org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

Any help would be appreciated. I am trying to get off the ground. I would share logs but I can’t log in.

This should be all you need for the base URL (i.e. no port and no https://):

base_url: mine_here.duckdns.org

When you tell HA to use a certificate, you can no longer use http to access it.

Are you sure you’re using correct spacing (since you didn’t format your code in the forums)?

The logs are stored in a file. You don’t need to login to the webpage.

Reading the post closely I’m pretty sure the ‘http’ being referred to here is the configuration key/option, not part of the URL. EDIT: actually probably not.

I was referring to this comment

The # http: that “I think” I am having problems with is the one in the configuration.yaml. I am probably wrong.

I just removed the :8123 as well

http:
base_url: https://mine_here.duckdns.org
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

and am still unable to log back in. I am able to putty to files if need be.
Currently I do not have any ports open on my router. I was only trying
http://my_ip:8123, https://my_ip:8123 this time.

That line is required if you want to use the system with SSL…unless you figure out how to use a reverse proxy.

home-assistant.log has your answers then.

ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-06-20 04:27:46 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
core-ssh:/config#

Could you do us a favor and use the code tags properly on your posts? This stuff is hard to read

Learning here. I will read up on that.

Point 11 here: How to help us help you - or How to ask a good question

testing delete

Crap. I guess that was personal.

Closing my ports and getting a new domain, ugh :)

ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-06-20 04:27:46 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
core-ssh:/config#

Is your certificate correct? Did it get a certificate?

Do I dare ask how do I know if it is correct or if it generated a certificate?

the duckdns log

# INFO: Using main config file /data/workdir/config

I should have said I just started again from the beginning and got a new domain.
I have this in the duckdns config

  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "my_token",
  "domains": [
    "mydomain.duckdns.org"
  ],

and want to put this in the configuration.yaml… again

http:
  base_url: https://mydomain.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

You would see the certificate files in the filepath…
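
An added example (not from any poster in this thread) of how to answer that question from the SSH prompt: it checks that the two files named in the `http:` block exist, that the certificate is unexpired, that the private key belongs to it, and that it covers the name typed into the browser. It assumes the `openssl` command is available in that shell; `check_cert` is a name made up for this example.

```shell
#!/bin/sh
# Added example: sanity-check the certificate pair that the http: block points at.
# check_cert is a hypothetical helper; it assumes the openssl CLI is installed.

check_cert() {
    cert=$1
    key=$2
    host=$3

    # 1. Both files must exist and be non-empty.
    [ -s "$cert" ] || { echo "missing or empty: $cert"; return 1; }
    [ -s "$key" ]  || { echo "missing or empty: $key"; return 1; }

    # 2. The certificate must parse and still be valid right now.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "certificate unreadable or expired"; return 2; }

    # 3. The private key must belong to this certificate (same public key).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] \
        || { echo "private key does not match certificate"; return 3; }

    # 4. The name used in the URL must be covered by the certificate.
    #    A certificate issued for the DuckDNS name does not cover a bare IP.
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null \
        | grep -q "does match" \
        || { echo "certificate is not valid for $host"; return 4; }

    echo "ok: $cert is valid for $host"
}
```

With the paths from the `http:` block, the call is `check_cert /ssl/fullchain.pem /ssl/privkey.pem mydomain.duckdns.org`; repeating it with the local IP in place of the hostname shows whether `https://my_ip:8123` can pass a browser's name check.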

I had a very similar problem. It had to do with self signed certificates and if your router has loopback capability.

My suggestion is to try a different browser on your locally connected computer…and accept any bypass they give you on security messages that come up. Safari wouldn’t work on my iPad…I had to install dnsmasq to even get it to work without SSL because my (FIOS/Arris) router doesn’t have NAT loopback.

I have chrome, firefox and microsoft edge, but I don’t recall which worked and which didn’t. I am now running without SSL because it just caused too many problems. I’ll get to implementing it some day.