Let's Encrypt/DuckDNS/Hass.io error

anon35356645 · October 9, 2017, 7:38pm

I just use it for changing the files, do not understand how it works the left panel

Bobby_Nobble · October 10, 2017, 1:56pm

The main point is you don’t have to muck about with letsencrypt as it’s all automated in the single add-on.

Just checked mine again and it’s stopped working unless I reforward the port, so something not right somewhere.

Is the mystery IP the external one from your mobile network, have you tried whatismyip from it?

Bobby_Nobble · October 10, 2017, 1:58pm

It’s supposed to be useful for auto inserting copy into the right hand window, for instance, it should show all your entities so you can just pick one from the list and it will auto fill. Clever when it works but mine’s not having any of it using SSL.

anon35356645 · October 10, 2017, 2:27pm

I see: not working …

Jonny4587 · October 10, 2017, 3:02pm

Hello together,

I have possibly the same issue. And I am not sure what addons I really need. The despriction is not clear enough (maybe only for me…)

I have Duckdns started with:

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "my token",
  "domains": [
    "xxxx.duckdns.org"
  ],
  "seconds": 300
}

Let’s crypt:
{
“challenge”: “https”,
“email”: “[email protected]”,
“domains”: [
“xxx.duckdns.org”
],
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”
}

and in configuration.yaml:

http:
  api_password: !secret http_password
  base_url: xxx.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

and also I forwared all incoming request (TCP) port 443 to my HA-device-Ipv6 port 8123 in my router settings.

If I have
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
in my config file under http: my HA is not working.

On Duckdns homepage I inlcuded my ip adress in the ipv6 field.

What is not correct on my settings? I am a bit confused.

Bobby_Nobble · October 10, 2017, 4:17pm

You don’t need the Lets Encrypt add-on, so get shot of that, and, as I said above, I found it didn’t work with the api_password above the keys, so move that to the bottom of http: in your config yaml.

shred · October 10, 2017, 4:24pm

It’s not my mobile device IP. I did look up the IPs and they’re blacklisted, meaning not good. My guess is there’s people out there constantly scanning *.duckdns.org addresses to find access to home networks. If you’re not running a firewall (or even if you are), I’d highly recommend you run a very complex password, especially without two-step authentication. Another smart thing would be to create a complex domain as well. It would be nice if we had the ability to only allow certain devices to access HA based on some sort of device ID (MAC address?). Anyways, I’ve turned off DuckDNS for the time being.

Jonny4587 · October 10, 2017, 6:17pm

I did it and it looks now:
http:
base_url: xxx.duckdns.org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
api_password: !secret http_password

But unfortunately it wont work. Any other idea?

anon35356645 · October 10, 2017, 6:18pm

Ip from Washington, maybe the NSA

anon35356645 · October 10, 2017, 6:19pm

Port forward 443 to 8123, IP of your hass

Jonny4587 · October 10, 2017, 6:26pm

This is already done. It’s an ipv6 adress, is this maybe relevant?

anon35356645 · October 10, 2017, 7:10pm

I use ip4, don’t know much about it

boradwell · October 11, 2017, 3:32am

I see that new version of Duck DNS was released with the 0.55 update. Do you guys think that this has something to do with it?

Bobby_Nobble · October 11, 2017, 7:30am

It’s not a new version it’s a new built in component, we’re using the hass.io add-on with baked in letsencrypt support, different things. Í did mention mine started working after the 0.55 update but, as I said, came to the conclusion it was more coincidental than connected.

boradwell · October 11, 2017, 5:00pm

Got it. Could you help me with getting port forwarding set up? I have Hassio and Duck DNS set up and working correctly but can’t get the port forwarding right. This is what I am doing 43 AM

And I keep getting this error
“The specified ports are being used by other configurations. Please check your configurations of Remote Management, Port forwarding, Port Triggering, UPnP Port Mapping table, RIP, and internet connection type.”

I dont have any port forwarding set up so I’m not sure what I causing this error

Bobby_Nobble · October 11, 2017, 5:59pm

Not seen a dialogue that that before but it looks like you need to set both the externals to 443, deselect “Use the same port…” and set both internals to 8123. At the moment you’ve forwarded every port between 443 and 8123 to the matching internal ports

boradwell · October 11, 2017, 6:21pm

That did it. Thank you so much!! I was thoroughly confused what the starting and ending ports meant ha. Thank you for clearing that up.

Bobby_Nobble · October 12, 2017, 9:52am

Although I can’t see it documented anywhere, the update has fixed it.

anon35356645 · October 12, 2017, 10:26am

not for me …

Bobby_Nobble · October 12, 2017, 10:34am

hmmm…do you have the 3218 > 3218 port forward?