No Remote Access to HA Installation

Edit: Cleaned up the post a bit as I wrote the original when I was pretty tired and realized it didn’t make much sense when I came back and re-read it.

I have a Raspberry 3b+ and have installed HA on top of a Raspbian installation. Everything is working fine if I only try to connect to HA from inside my home network. I have followed the Remote Access with TLS/SSL via Let’s Encrypt instructions almost to the letter. I have my BGW210-700 AT&T router set up in Bridge Mode (IP Passthrough) and I see my external IP address as my WAN address on my ASUS RT-AC88U router. I forwarded the ports on my router exactly as instructed in the documentation. The only real difference is that I am using my own google domain DNS rather than DuckDNS as I already had a google domain account. The Dynamic DNS is set up on my router and on the raspberry pi using the same DNS domain address, i.e. somename.googledomain.com. The router uses LetsEncrypt for the DDNS and I used the same DNS domain address when I set up the SSL for my Raspberry Pi per the instructions. I am guessing this could be causing some conflict, but not sure as this is my first time setting up a web server. Does anyone know if I have my router set up as a DNS Client using LetsEncrypt, can you also have a Home Assistant server on the same network and use Letsencrypt with the same DNS address to secure it as well? Is it even necessary to secure the HA server if the router is already set up as a secure Dynamic DNS client? I am thinking this may be why I am having issues connecting to my HA from outside my network. I am a complete noob when it comes to networking and not sure how all this stuff is supposed to work together.

Thanks for any suggestions or knowledgeable advice.

Andrew J

What do you mean when you say “Plus I was having a hard time getting duckdns to work with LetsEncrypt because of the blocked ports.”?

finity. I originally tried to use DuckDNS before I remembered that I could use my google domain that I use for e-mail as a DNS service provider. Plus when I set up DuckDNS I could not get the letsencrypt on my RPI using the certbot-auto command for http-01 as I kept getting a time out error. Had the same problem when I switched to my google domain DNS. Used manual cert process, but I think this may have messed up my router's DNS setup as I was getting errors when I tried to access my router later…

Andrew J

Were you able to access your HA setup externally before you set up DuckDNS and your SSL certificates via your external IP:8123 (or whatever port you have HA using)?

If so, could you then reach your HA externally via the DuckDNS domain (or your google one) and proper port?

Just trying to pin down where the issue is: your port forwarding, DNS or SSL.

finity. Unfortunately I never tried accessing the HA server before I set up DuckDNS and got SSL working. I had just assumed (incorrectly) that if it was working from inside my network with the https address that it would work externally. It was only after I had everything set up that I tried accessing using my cell phone network that I realized I had a problem. I spent 8 hours on the phone with AT&T and they could not find anything wrong with my configuration. Until now it is a mystery why I am unable to connect on port 443 externally. The only thing I came across in my digging is that ports will remain closed if the listener does not respond. Even though per netstat the RPI is listening on port 8123, maybe for some reason it is not responding, but then I would think it would fail to respond when accessing using the https address from inside my network as well. So like I said it is a mystery.

I am looking at another possible solution using Weaved. Apparently it can allow you to access http sites inside your network without using port forwarding. Will see if it works. Probably will not work though with HA App on mobile device. Probably just a web interface. Not ideal, but probably better than nothing if I need to check on something when away from home.

Thanks for your reply.

Andrew J

What I would recommend is just going back through the steps that you followed to set up external access and following every step that has you check the connection before moving to the next step.

If you comment out your SSL lines in your config and open port 8123 of your router forwarded to port 8123 of the internal IP of your HA setup then you should be able to reach HA by putting your external IP:8123 into a browser.

I think…

If you are successful at that point, set up DuckDNS and try that. If successful then try your google domain.

Then lastly try it with port 443 forwarded to 8123 and your SSL certs put back in.

If you can figure out the step where it fails then it will help you narrow down where the issue is.

After saying all that, there is another, more lightweight, version of letsencrypt that I’ve used on my second HA setup. It's called dehydrated. Here is the link:

https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt

The benefit of the above is that it doesn’t require you to maintain port 80 open for cert renewal.
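
The staged check recommended in the reply above, as an added example that is not part of the original thread: it tests DNS, the port forward and TLS in that order and reports the first layer that fails. The host name and WAN address are placeholders, and it is meant to be run from outside the home network (for example over a cellular connection).

```python
import socket
import ssl

def resolve(name):
    """IPv4 addresses a name resolves to (a literal IP resolves to itself)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def probe_tcp(ip, port, timeout=5.0):
    """'open', 'refused' (a host answered, nothing listening) or 'no-reply'
    (no answer at all: typically a missing forward or a filtered port)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes socket.timeout and unreachable-network errors
        return "no-reply"

def probe_tls(ip, port, name, timeout=5.0):
    """'ok' only if the handshake completes and the certificate is valid for name."""
    ctx = ssl.create_default_context()  # verifies both chain and host name
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=name):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return "certificate rejected: " + exc.verify_message
    except OSError:  # ssl.SSLError is an OSError: bad handshake, reset, timeout
        return "handshake failed"

def first_failure(name, wan_ip, port, use_tls, timeout=5.0):
    """Return the first failing layer ('dns', 'port', 'tls') or None if all pass."""
    if wan_ip not in resolve(name):
        return "dns"
    if probe_tcp(wan_ip, port, timeout) != "open":
        return "port"
    if use_tls and probe_tls(wan_ip, port, name, timeout) != "ok":
        return "tls"
    return None

if __name__ == "__main__":
    WAN_IP, NAME = "203.0.113.10", "ha.example.org"  # placeholders, not from the thread
    print("IP:8123 plain   ->", first_failure(WAN_IP, WAN_IP, 8123, False))
    print("name:8123 plain ->", first_failure(NAME, WAN_IP, 8123, False))
    print("name:443 TLS    ->", first_failure(NAME, WAN_IP, 443, True))
```

A "refused" result from `probe_tcp` means some host answered on that address, while "no-reply" means the connection attempt was never answered, which helps separate a listener problem from a forwarding or filtering problem.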
