Https duckdns.org setup

Tags: #<Tag:0x00007f32631d8430>

Hello,
I am a bit frustrated in trying to setup ssl / https access to my homeassistant host.

According to the documentation, a suggestion is to use the " add-ons Duck DNS integrating Let’s Encrypt or Let’s Encrypt." But neither provide sufficient explanation for setup.

Actually, the link from the documentation provides a loop in stating: " If you are using Home Assistant do not use this guide. Instead, use the DuckDNS add-on "

I feel like I am pretty savvy when it comes to port forwarding ( I have several hosts behind my router with various ports exposed, including VPN), but I wanted to try out the “easier” ssl direct forward. However, I am confused as to how to address this misconfiguration - i.e. no logs or anything indicating what is wrong. I was able to access via https://myhostname.duckdns.org, but could not access locally from the app on my phone.

Has anyone found a step-by-step setup for this, and if so, could you please share it and add it to the documentation?

Thanks!!

Is this what the problem is for you?

If you can successfully reach https://sub.duckdns.org then that means TLS and the add-on are working.

Yes, I have port forwarding working with the external address https://mysub.duckdns.org (router accepts port 443 and forwards to my homeassistant port 8123). However, when I try to login locally using the ip address on the LAN (https://192.168.1.199:8123, I get the login prompt (and a notice that the certificate is not valid for the hostname) when it accepts, but then just goes to a “Retry” screen (showing the homeassistant icon).

Maybe it simply has to do with the certificate-hostname not being valid when using the local ip address. Not really the expected behavior, or maybe I am missing something…

Or maybe has to do with the “internal url” and “external url” settings in the “Configuration” panel. Currently have them set to the local “http://local_ip:8123” and “https://mydom.duckdns.org” respectively.

Debug Logs for HTTP:

Access from https://LOCAL_IP:8123 (which just sends me to a login loop / “Retry” message):

2020-10-29 11:27:52 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/providers to 192.168.X.X (auth: False)
2020-10-29 11:27:52 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow to 192.168.X.X (auth: False)
2020-10-29 11:28:05 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow/XXddb40905984xx99bc055571614eXXX to 192.168.X.X (auth: False)
2020-10-29 11:28:06 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/token to 192.168.X.X (auth: False)
2020-10-29 11:28:06 DEBUG (MainThread) [homeassistant.components.http.view] Serving /hacsfiles/iconset.js to 192.168.X.X (auth: False)

Access from https://host.duckdns.org/

2020-10-29 11:23:14 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/providers to PUBLIC_IP (auth: False)
2020-10-29 11:23:14 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow to PUBLIC_IP (auth: False)
2020-10-29 11:23:27 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow/XXX148b1934278xxxxddec5a23bXXX to PUBLIC_IP (auth: False)
2020-10-29 11:23:29 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/token to PUBLIC_IP (auth: False)