Impossible to access HA externally

I spent several hours thinking about what’s wrong in my config. It’s impossible for me to access my ****.duckdns.org

The steps I followed are:

Configure DUCKDNS like this:

aliases: []
domains:
  - ******.duckdns.org
lets_encrypt:
  accept_terms: true
  algo: secp384r1
  certfile: fullchain.pem
  keyfile: privkey.pem
seconds: 300
token: ********************

It’s shown in the log:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] done.
[services.d] starting services
[services.d] done.
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[22:41:17] INFO: OK
———-
UPDATED
[22:41:17] INFO: Renew certificate for domains: *****.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
Processing *****.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Jul 20 20:58:15 2022 GMT (Longer than 30 days). Skipping renew!
[22:46:21] INFO: OK

I installed the Let’s Encrypt add-on like this:

domains:
  - *****.duckdns.org
email: [email protected]
keyfile: privkey.pem
certfile: fullchain.pem
challenge: http

And this is the log:


[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] file-structure.sh: executing... 
[cont-init.d] file-structure.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[23:47:55] INFO: Selected http verification
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal; no action taken.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

And this is my opening ports configuration:

External 443 - 8123 Internal
External 8123 - 8123 Internal
External 80 - 80 Internal.

And finally in my configuration.yaml

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

EDIT: I found this message, but I don’t know how I can solve it: Certificate validation error: ***.duckdns.org [unable to get local issuer

I don’t know where the mistake is…

Remove that.

The DuckDNS addon already includes LetsEncrypt. That’s why this config exists:

lets_encrypt:
  accept_terms: true

I made that conf. I will try removing the LetsEncrypt addon but I don’t know if it will solve it. :frowning:

I tried uninstalling the LetsEncrypt add-on; however, the error persists. It seems to be an error with the port forwarding. In several responses, looking through the internet, I saw different router configs.

Can you help me with this info please?

Thanks

For the IP address of your home assistant server you need to forward port 8123 (internal) to a port you pick for the external address. 443 is popular because it is the default for SSL so you don’t have to specify it in the URL.

e.g. https://your_domain_here.duckdns.org

If you forward it to some other external port, e.g. 5555, then the address you visit must be:

https://your_domain_here.duckdns.org:5555

Also check that the DuckDNS admin page you set up the domain on reports the same IP address as your router reports for its public IP address.
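
The checks from this answer as a script, added here as an example (it is not part of the thread or of Home Assistant): it compares the DuckDNS address with the router's public IP, lists which forwards reach port 8123 and the URL each one implies, and `probe_tls` reports a chain error such as the one quoted in the first post. Function names and the sample domain and IPs are assumptions; `probe_tls` needs network access and is meant to be run from outside the LAN.

```python
import socket
import ssl

HA_PORT = 8123  # internal Home Assistant port used throughout the thread


def external_url(domain, ext_port):
    """Address to visit for a forward; 443 is the HTTPS default and can be omitted."""
    suffix = "" if ext_port == 443 else f":{ext_port}"
    return f"https://{domain}{suffix}"


def diagnose(domain, dns_ip, router_ip, rules):
    """rules: (external_port, internal_port) forwards pointing at the HA host."""
    findings = []
    if dns_ip != router_ip:
        findings.append(f"DNS mismatch: {domain} -> {dns_ip}, router reports {router_ip}")
    for ext, internal in rules:
        if internal != HA_PORT:
            findings.append(f"forward {ext}->{internal} does not lead to port {HA_PORT}")
    urls = [external_url(domain, ext) for ext, internal in rules if internal == HA_PORT]
    if not urls:
        findings.append(f"no forward reaches internal port {HA_PORT}")
    return findings, urls


def probe_tls(domain, port, timeout=5.0):
    """Live check from outside the LAN: connect and validate the served chain."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((domain, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=domain):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return f"certificate rejected: {exc.verify_message}"
    except OSError as exc:
        return f"connection failed: {exc}"


if __name__ == "__main__":
    # Constructed sample values (documentation IP ranges), rules as listed in the thread.
    sample_rules = [(443, 8123), (8123, 8123), (80, 80)]
    findings, urls = diagnose("example.duckdns.org", "203.0.113.10", "198.51.100.7", sample_rules)
    for line in findings + urls:
        print(line)
```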

In my duckdns admin page I’ve an external URL which I have not set in my router port forwarding. In my router I redirected 443 to 443, 8123 to 8123 and 80 to 80, all of these set under local IP 192,168..,

The IP is set automatically when I select the homeassistant instance

Good. You don’t use the URL for port forwarding. You use the Home Assistant IP address on your internal network.

You did not answer this question, do these match?

Remove all but the 8123 → 8123

Then try this address from your phone on a cellular network (disconnected from wifi):

https://your_domain_here.duckdns.org:8123

My fault. I said URL but I mean IP. In my duckdns admin page I have a public IP which I don’t use in any conf. In my port forwarding page I select the internal IP associated to my home assistant. Am I doing something wrong?

Ok for the third time, does it match the actual public IP of your router?

Are the two the same?

You don’t need to change anything, just look.

I’m sorry for my ignorance, this is the conf.


And in duckdns the ip is 37,233..

I’m going to delete the 80 and 443 redirection rules