Home Assistant Community

Lets Encrypt issues

#21

Hi Petro, not sure if this in response to me but I’m not using DDNS - or have I missed something?

Or does anyone have any suggestions to try to solve Let’s Encrypt not getting a response please?

0 Likes

#22

Yeah, I thought this was a different thread. If you are using Let’s Encrypt, I’ve always had to forward 443 to 443 just to update the cert. According to @DavidFW1960, that’s not the case anymore. Whatever is required is what you need to port forward. Once the cert goes through, you need to turn on 443 to 8123 again.

0 Likes

#23

How do I see what ports are open whilst the Let’s Encrypt add-on docker container is running? When the LE add-on is waiting for cert confirmation there is no response on port 80 using a port scanner - should there be?

I don’t think it’s a router issue as 8123 is working, plus the duckdns add-on works - just not the stand-alone LE add-on which I want for my personal domain.

0 Likes

#24

If you’re on Hassio, when I renewed my certificate recently I had to delete the addon and reinstall it before it would work. I’m running the stand-alone lets encrypt addon in Hassio.

0 Likes

#25

Thanks for responding. Yes I’ve tried reinstalling and even starting again from scratch, writing a new image to the sdcard. Same error sadly.

Given everything I’ve tried I’m wondering if it could be something to do with the new resinos image which I’d updated to before my cert expired, so will try to find an older version and try it all again…

0 Likes

#26

Hello,

could you guys confirm I can achieve what I want before I start with this? All I want to accomplish is to limit the traffic to and from HA so that only encrypted traffic is allowed but I really don’t want to connect from outside my network to HA through a port forwarding because I’ve chosen the VPN route instead.

I tried the duckdns add-on to no avail, but I can’t really put my finger on what is wrong with what duckdns makes to the system. In a nutshell, when I had duckdns successfully setup I could connect to HA from the LAN and the Internet (which I don’t want), and if I enabled the firewall on port 443 (thus disabling remote access over https), then my PC could still connect with HA over https but my smartphones would stop accessing it.

Not sure if I explained myself correctly :frowning:

0 Likes

Community Hass.io Add-on: motionEye
#27

So you don’t want it to communicate to the outside world but you want to communicate to your phone… which is in the outside world?

0 Likes

#28

Well yes it is, but my phone does connect back to my local network over VPN. My desired scenario would be to enable and restrict traffic to fully encrypted https traffic to and from HA, without needing to enable access to Internet. When my phone is away from my network, I VPN back into the local network through a VPN device that I own.

0 Likes