Between the 1st and 4th December I setup hass.io up on a Raspberry Pi 3. Part of the configuration setup duckdns so I could access HA from my iPhone. At the time I could access HA through safari and the iOS app on my phone.
Over the last couple of days I added some new MQ sensors and when I came to test on my phone it was no longer working (I didn’t check whether phone access was working before and I’d guess it’s a month or so since I last used the app).
When I try to access HA through the iOS app I get the following error:
Connection Error
There was an error connecting to Home Assistant. Please confirm the settings are correct and save to attempt to reconnect. The error was:
The certificate for this server is invalid. You might be connecting to a server that is pretending to be “my-hostname.duckdns.org” which could put your information at risk
When I try to connect to HA through safari, I get the login screen. After I enter my password it spins for a bit saying “connecting” and then drops back to the full login screen including the message “Unable to connect”.
I read tried a couple of things I saw in some of the forums:
- clearing the safari browser data for “my-hostnam.duckdns.org”
- Editing configuration.yaml to change “frontend: javascript_version: es5”
I’ve also updated HA to 0.65.5 and duckdns to 1.1. I restarted duckdns after the update and the restart log is below
starting version 3.2.4
INFO: Using main config file /data/workdir/config
- Account already registered!
Sat Mar 17 16:33:48 AEDT 2018: OK
xxx.xxx.xxx.xxx (host IP address)
NOCHANGE
INFO: Using main config file /data/workdir/config
Processing my-hostname.duckdns.org
- Checking domain name(s) of existing cert… unchanged.
- Checking expire date of existing cert…
- Valid till May 8 11:17:35 2018 GMT (Longer than 30 days). Skipping renew!
I checked the hass.io HA and SU logs and couldn’t find anything in there that indicated an error
Could anyone point me in the right direction to resolve this?
After a bit more digging I worked out the certificate had expired even though the duckdns log indicated it was valid until 8th May. The only way I could find to force the certificate to update was to reinstall duckdns, when I did this I think I found the error.
In both my duckdns and configuration.yaml files I was explicit about where the SSL certificates were;
/ssl/fullchain.pem and /ssl/privkey.pem
When I reinstalled duckdns it couldn’t save the certificates as it tried to create /ssl//ssl/fullchain.pem so in the duckdns config I reverted to the defaults
ssl_certificate: “fullchain.pem”
ssl_key: “privkey.pem”
and in the configuration.yaml the full location
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
I can’t understand how it could ever have worked (unless I changed something afterwards and forgot to note it down).