Https duckdns.org setup

loopy1 · October 29, 2020, 12:13am

Hello,
I am a bit frustrated in trying to setup ssl / https access to my homeassistant host.

According to the documentation, a suggestion is to use the " add-ons Duck DNS integrating Let’s Encrypt or Let’s Encrypt." But neither provide sufficient explanation for setup.

Actually, the link from the documentation provides a loop in stating: " If you are using Home Assistant do not use this guide. Instead, use the DuckDNS add-on "

I feel like I am pretty savvy when it comes to port forwarding ( I have several hosts behind my router with various ports exposed, including VPN), but I wanted to try out the “easier” ssl direct forward. However, I am confused as to how to address this misconfiguration - i.e. no logs or anything indicating what is wrong. I was able to access via https://myhostname.duckdns.org, but could not access locally from the app on my phone.

Has anyone found a step-by-step setup for this, and if so, could you please share it and add it to the documentation?

Thanks!!

fanuch · October 29, 2020, 1:13am

Is this what the problem is for you?

If you can successfully reach https://sub.duckdns.org then that means TLS and the add-on are working.

loopy1 · October 29, 2020, 2:39am

Yes, I have port forwarding working with the external address https://mysub.duckdns.org (router accepts port 443 and forwards to my homeassistant port 8123). However, when I try to login locally using the ip address on the LAN (https://192.168.1.199:8123, I get the login prompt (and a notice that the certificate is not valid for the hostname) when it accepts, but then just goes to a “Retry” screen (showing the homeassistant icon).

Maybe it simply has to do with the certificate-hostname not being valid when using the local ip address. Not really the expected behavior, or maybe I am missing something…

Or maybe has to do with the “internal url” and “external url” settings in the “Configuration” panel. Currently have them set to the local “http://local_ip:8123” and “https://mydom.duckdns.org” respectively.

loopy1 · October 29, 2020, 4:37pm

Debug Logs for HTTP:

Access from https://LOCAL_IP:8123 (which just sends me to a login loop / “Retry” message):

2020-10-29 11:27:52 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/providers to 192.168.X.X (auth: False)
2020-10-29 11:27:52 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow to 192.168.X.X (auth: False)
2020-10-29 11:28:05 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow/XXddb40905984xx99bc055571614eXXX to 192.168.X.X (auth: False)
2020-10-29 11:28:06 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/token to 192.168.X.X (auth: False)
2020-10-29 11:28:06 DEBUG (MainThread) [homeassistant.components.http.view] Serving /hacsfiles/iconset.js to 192.168.X.X (auth: False)

Access from https://host.duckdns.org/

2020-10-29 11:23:14 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/providers to PUBLIC_IP (auth: False)
2020-10-29 11:23:14 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow to PUBLIC_IP (auth: False)
2020-10-29 11:23:27 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow/XXX148b1934278xxxxddec5a23bXXX to PUBLIC_IP (auth: False)
2020-10-29 11:23:29 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/token to PUBLIC_IP (auth: False)