No internal access after DuckDNS/LetsEncrypt

Allistah · December 13, 2020, 6:45pm

Hi there,

I’ve successfully installed DuckDNS and LetsEncrypt. It is working from the external name of https://mydomain.duckdns.org just fine.

My Internal and External URLs are set as follows on the General page:
External: https://mydomain.duckdns.org
Internal: http://homeassistant.iot.mydomain.org:8123

But now, my internal name/url http://homeassistant.iot.mydomain.org:8123 doesn’t work any longer.

This happened as soon as I restarted with this added to the configuration.yaml file.

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

So by adding that, I no longer have internal access? I tried the following and none of them work from my internal network:

http://homeassistant.iot.mydomain.org
http://homeassistant.iot.mydomain.org:443
http://homeassistant.iot.mydomain.org:8123
http://(internal-IP)
http://(internal-IP):443
http://(internal-IP):8123

Could someone tell me if I’m missing something in my config or if this is the way it is now that I’ve added those certificates and this is part of the lockdown to make it secure?

Debo · December 13, 2020, 6:57pm

I have the same issue and am equally interested in this answer!

ski522 · December 13, 2020, 7:01pm

http://homeassistant.iot.mydomain.org
http://homeassistant.iot.mydomain.org:443
http://homeassistant.iot.mydomain.org:8123
http://(internal-IP)
http://(internal-IP):443
http://(internal-IP):8123

You need to use https

Allistah · December 13, 2020, 7:09pm

Ah ok… So my internal url is now https://(internal-ip):8123. The internal name is now https://homeassistant.iot.mydomain.org:8123.

Since my port forward changes 443 -> 8123, it’s just easier to use the external URL everywhere I guess. If I go to the internal URL, the certificates don’t match, which is expected.

I guess I don’t see any harm in always using the external URL so that the certificates are always happy.

ski522 · December 13, 2020, 7:34pm

If you run your own internal DNS server (like Pi-Hole) or your Internet router is providing DNS looks up for you and it has the ability to set static DNS entries in it, you can set up the same external host name internally but just have it point to the private IP.

IE homeassistant.iot.mydomain.org => 192.168.x.x

Certs don’t care about IP’s they just care about the domain name being authenticated. That way you’re just using the same DNS name regardless if you’re internal or external to your network.