I got locked out of Home Assistant!

I’ve been using DuckDNS for several years, but just switch Internet provider who happens to use CGNAT so I decided to switch to Nabu Casa.

I was following the procedures in this post:

Switch from DuckDNS to Nabu Casa

However after restarting HA once I did these steps:

Stop and then delete the DuckDNS addon.
Remove your port forwarding rules from your router Then check that they are really gone. I can not stress this enough.
Remove the two ssl lines from under http: in configuration.yaml

I could no longer access Home Assistant. I tried three different browsers on my desktop, my iphone, and even tried to SSH in using WinSCP. No luck; I couldn’t connect or was getting a 404 error. However, I could tell HA was up and running as my automatons were still working.

Needless to say, I wasn’t thrilled as I couldn’t imagine what I may have missed. I have a fairly simple set up and nothing in my configuration.yaml file other than the ssl lines for the certificates.

Fortunately after about an hour I thought to reestablish my port forwarding and once again gained access. At that point I added the two ssl lines back into configuration.yaml.

Any idea what I missed? I have MFA turned on, but I couldn’t even get the logon screen so I don’t think that was the culprit.

I’m really reluctant to try this again, but I don’t have external access any more and thought going to Nabu Casa would be a simple 5-10 minute exercise.

Did you keep reading the next instructions?

Yes, when I tried using http: I kept getting a 404 error, which I thought was strange. I tried Chrome, Firefox, and Edge; got the same results. The only thing I didn’t do at the time was flush cache.

What address / URL were you trying?

My local ip address without the 8123 since port forwarding was turned off. When I tried https:// I got the browser saying the site was insecure and would not let me connect that way either. Trust me, I tried every combination I could think of when the initial attempts failed.

Locally you go back to using http://<ip_address>:8123 i.e. you do still have to include the port the home assistant web server uses. Remove the ssl lines and port forwarding and try again.

For remote access use the URL provided by Nabu Casa.

OK, so I’m supposed to leave the port forwarding in on my router? When I added it back in, I was able to use http://<ip_address>:8123.

Thanks for your help. I will have to remove the ssl info from configuration.yaml again try this in the morning, as I have an appointment tonight and won’t get back until late. I will post back here the results one way or another.

If it works, I will continue with Nabu Casa as I haven’t set that up yet. (hadn’t gotten that far)

You don’t need to open any WAN ports on your router for NabuCasa.

No. The instructions clearly say to remove it. So do so.

Port 8123 is used by home assistant not your router. Port forwarding in your router is only used for external access. Not internal. Internally home assistant uses http://<ip_address>:8123 and now externally you will be using the Nabu Casa service that does not require port forwarding for access. If you leave the port forwarding then it will just be an unneeded and unwanted security hole.

From the install instructions, before any port forwarding is done right after a clean install you access home assistant like this:

https://www.home-assistant.io/installation/raspberrypi#start-up-your-raspberry-pi
Screenshot 2022-08-05 at 08-10-07 Raspberry Pi

That is what you will be reverting to.

Removing the SSL lines from your config changes access from https to http. This is also required as you will no longer have access to duckDNS for the SSL certificates required for https.

That’s what I did the first time. So I just went step by step through the process again and this time everything is working as it should. Have no idea what I messed up the first time but I’m sure it was user error.

Thank you for your help.

1 Like