Nginx and Internal access

Hi,

I currently have remote access enabled on my HA with ports 8123 and 443 (for Google Assistant) open. I'm using my duckdns url along with duckdns SSL certificate. Works well in that I can connect to my HA outside my network by going to my https://duckdns url, and log in. Inside my network, I use my IP address and it connects also with certificate warnings. However, with my companion app for android, it doesn’t work locally (I have to switch to my cellular network…any idea why this is the case?).

With regards to Nginx, I saw some video suggesting to use Nginx with their SSL certificates, and followed this tutorial:

but I'm unable to get Nginx to work. At part 9:14 when I want to turn on SSL, it fails and I get “Internal Error”. The logs say something about not being able to certify or get my duckdns server (unfortunately, I do not have the exact error message now).

How can I switch to the Nginx approach after setting up DuckDNS/SSL? Is it recommended or should I just leave it with DuckDNS/SSL?

Thanks

Companion app doesn't work with self-signed certs which might extend to certs that fail verification I suppose. Either use NAT loopback and use your external hostname internally, or switch internal to http instead.
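Added example, not part of the thread: a simplified sketch of the hostname check a TLS client performs, showing why a certificate issued for the DuckDNS name verifies when you connect by that name but not when you connect by LAN IP. The name example.duckdns.org and the address 192.168.1.10 are constructed placeholders, and the matcher is a reduced version of the usual rules, not the companion app's own code.

```python
import ipaddress

def _is_ip(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Match one SAN dNSName against a hostname.
    A '*' is accepted only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # The wildcard covers exactly one label and needs a real parent domain.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(host, san_dns=(), san_ip=()):
    """Would a certificate with these subjectAltName entries verify for host?
    IP literals are compared only with iPAddress entries, never with DNS names."""
    if _is_ip(host):
        addr = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == addr for ip in san_ip)
    return any(_dns_match(name, host) for name in san_dns)

def check_urls(hosts, san_dns, san_ip=()):
    """Map each host a client might type to the verification result."""
    return {h: cert_covers(h, san_dns, san_ip) for h in hosts}

# Constructed sample: a certificate issued for the public DuckDNS name only.
CERT_DNS = ["example.duckdns.org"]

if __name__ == "__main__":
    results = check_urls(["example.duckdns.org", "192.168.1.10"], CERT_DNS)
    for host, ok in results.items():
        print(f"https://{host}:8123 -> {'verifies' if ok else 'name mismatch'}")
```

With NAT loopback (or a local DNS entry) the internal client connects using the external hostname, so the same certificate passes this check from inside the network.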

@callifo thanks, here is the error log I get when I enable SSL in Nginx.


[2/19/2022] [9:09:10 AM] [Nginx    ] › ℹ  info      Reloading Nginx
[2/19/2022] [9:09:10 AM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #5: XXX.duckdns.org
[2/19/2022] [9:09:16 AM] [Nginx    ] › ℹ  info      Reloading Nginx
[2/19/2022] [9:09:16 AM] [Express  ] › ⚠  warning   Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-5" --agree-tos --email "[email protected]" --preferred-challenges "dns,http" --domains "XXX.duckdns.org" 
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for XXX.duckdns.org
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain XXX.duckdns.org
http-01 challenge for XXX.duckdns.org
Cleaning up challenges
Some challenges have failed.

I’ve confirmed with my ISP and port checker, that port 80 is not blocked. I can actually login to my HA using my duckDNS url (on a different network) with HTTP only. How do I enable SSL now based on the above error?

Before this, I had DuckDNS with SSL enabled and working. I uninstalled DuckDNS and MariaDB and then I reinstalled them again…but still getting this error.

Any help would be appreciated.

I don't use nginx sorry, so probably not much help.

No worries, thanks for your response!

I solved the problem. I got rid of nginx, DuckDNS, SSL, and closed my ports.

Home Assistant (and the community) just got another subscriber for their cloud service.

Easier and safer.

I’m having the exact same issue. But am not able to access my homeassistant instance even with just http, with ssl deactivated. Please update if you find a solution. Thanks.
