Lets-encrypt setup?!

Configuration
1

I have duckdns set up and am able to access HA from oudside my homenetwork: http://xxxx.duckdns.org:8123 – so far so good.

I have however problems with lets-encrypt. I have accepted the terms and the files fullchain.pem and privkey.pem are generated and placed in /ssl.

But if I uncomment the http-entries in configuration.yaml HA fails to start (=> safe mode)

http:
# base_url: xxxxx.duckdns.org:8123
# certfile: fullchain.pem
# keyfile: privkey.pem

Also configuring the external url as suggested in this post results in starting HA in safe mode Base_url deprecation, but unclear what to do about it

What am I doing wrong?

Regards, Ko

2

certfile: and keyfile: are invalid for http:. See here:

You’ll need to specify the path that both of those are at (by default with the add-on they’re at /ssl)

external_url: goes under homeassistant: if you have that section manually configured. Otherwise it goes at Configuration > General

3

Thanks for your reaction => I got it partially working (adapted the entries in configuration.yaml according to the example in the paged you referred to + configured the internal and external url ).

http:
#  base_url: xxxxx.duckdns.org:8123
#  certfile: /ssl/fullchain.pem
#  keyfile: /ssl/privkey.pem
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

.
I now have a secure connection from outside my local network, I have “the lock” :wink:

But … I am no longer able to access HA from inside my local network.
I always used “ip:portnumber” (http://192.xxx.xxx.xx:8123), but that isn’t working anymore, I get the message “This page isn’t working, 192.xxx.xxx.xx didn’t send any data”.

I probably miss something, any tips / clues …?

4

Yup, once you configure SSL, you need to use the external url.

5

Ok, thnx - Ko