LetsEncrypt challenge failing due to other Raspberry Pi with 80/443

After dabbling with Hassbian I decided to switch over to Hass.io, mainly to get easy 1 click SSL with LetsEncrypt and run that through a reverse proxy with nginx.
I know the basics and have set up things like this in the past on another pi, but now this exact pi is posing a problem.

Situation:

  • 1 Raspberry Pi running NextCloud, with nginx reverse proxy and letsencrypt set up correctly. It has dynamic DNS enabled through freedns (duckdns alternative)
  • 1 Raspberry Pi running Hass.io which I’d like to have SSL through LetsEncrypt & nginx reverse proxy for, also available with dynamic DNS outside of my local network.

Problem:
My non-hass pi has ports 80 & 443 TCP forwarded in the modem backend to expose it outside of my local network and link my public ip to my dynamic dns domain. I also set up a new freedns domain for my other hass-pi (so I have two publicly accessible domains) and tried generating ssl certs with the letsencrypt addon.

It seems however that during the challenge required to generate the certs it’s not working because letsencrypt finds my other non-hass pi’s domain already on port 80 & 443. Changing the ports there is not an option and I think only 443 is allowed for SSL (https).

Can anybody point me in the right direction so I end up with:

2 Raspberry Pis, both exposing ports 80 & 443 forwarded with TCP in the modem and both accessible on different public domains that map to my public ip through freedns/duckdns/…

I realise the whole thing sounds complicated but that’s mainly because it’s hard to explain the network situation over here.

Thanks in advance

You should be pointing all your web traffic to the NGINX machine and letting it do the forwarding to the correct IP address based on HOST HEADER.


@treno Aha that makes sense. I did it the same way I did with the other location blocks, though it seems the assets are not serving right when checking the console.

location /hassio {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://hassio.local:8123;
}
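
The host-header routing suggested in the reply above, written out as an added example that is not part of the thread: one nginx instance receives the forwarded ports 80 and 443 and picks the backend by server_name, with the Hass.io host proxied at the root path rather than under a /hassio prefix. The two domain names, the webroot path and the NextCloud upstream address are assumed placeholders.

```nginx
# Added example, not from the thread. Assumed placeholders: both domain names,
# /var/www/letsencrypt, and the NextCloud upstream 127.0.0.1:8080.
# Place inside http { } on the Pi that receives the forwarded ports 80/443.

# Port 80, both names: serve ACME http-01 files locally, redirect the rest.
server {
    listen 80;
    server_name nextcloud.example.org hass.example.org;
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;          # certbot --webroot path (assumed)
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# Host: nextcloud.example.org -> existing NextCloud backend.
server {
    listen 443 ssl;
    server_name nextcloud.example.org;
    ssl_certificate     /etc/letsencrypt/live/nextcloud.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nextcloud.example.org/privkey.pem;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8080;
    }
}

# Host: hass.example.org -> the Hass.io Pi, proxied at the root path.
server {
    listen 443 ssl;
    server_name hass.example.org;
    ssl_certificate     /etc/letsencrypt/live/hass.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hass.example.org/privkey.pem;
    location / {
        proxy_http_version 1.1;             # needed for the WebSocket upgrade
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://hassio.local:8123;
    }
}
```

With this layout the certificates for both names are issued on the nginx machine, since the Let's Encrypt port 80 challenge for either domain arrives there.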