Problems getting DuckDNS working

Hi, let me upfront admit poor knowledge of the config work for HA, but I hope someone can help. My main goal is to integrate with SmartThings, to use a Netatmo wind gauge in automations. To get this working, I have generated a personal access token, but when trying to add it, I get the message “The base_url for the http component must be configured and start with https://.”.

So I have set up DuckDNS and external access works, but when I add the following (using my domain) to the config.yaml file:

http:
base_url: https://my-domain.duckdns.org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

Access to HA stops. Some instruction pages say this should also be added:

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "sdfj-2131023-dslfjsd-12321",
  "domains": ["my-domain.duckdns.org"],
  "seconds": 300
}

But elsewhere it says DuckDNS eliminates the need for this, and in any case I don’t know where in the config to put it (not for lack of trying).

So I really don’t know what else should be done to get this working?

Are you not indenting your settings? yaml is very sensitive to correct indentation.

it should be

http:
  base_url: https://my-domain.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Welcome back!

I did not need to add any lets_encrypt: settings.
The entries for ssl may be different if you installed HA with Hassbian or a python virtual env.

You would also need to forward [internal_ip]:8123 to port 8123 outside on your router.

I have had the Smartthings integration working with a virtual device by using Duckdns.

How did you install Home Assistant & Duckdns? That will help us direct you further.

Hi, thanks for your quick reply!

I also read there should be no need for lets_encrypt settings, but I assume the base_url must be defined somewhere.

About my installation: HA installed in Docker on a Synology, port forwarded (like I said, it works before I add the base_url to the config file). DuckDNS just set up at their site, with my domain and key generated.


I installed Home Assistant in a python virtualenv so my certificates are in a different place. That’s why I asked about what type of installation. Here is my [redacted] setup.
http:
  base_url: xxx.duckdns.org:8123
  ssl_certificate: /home/homeassistant/dehydrated/certs/xxx.duckdns.org/fullchain.pem
  ssl_key: /home/homeassistant/dehydrated/certs/xxx.duckdns.org/privkey.pem

I have seen the url with & without https://

Thanks again! And I believe I am beginning to realize the problem, I hadn’t understood I need to point the certificate/key to the right folder (said I was inept at this). But it still leaves me with the question: should I download a certificate and key to place in folders on my Synology? Btw, the homeassistant folder is in the folder Docker. I mess up these paths all the time; should the address then be "/docker/homeassistant/certs/etc."?

I think I am starting to understand a bit more about how to set this up, but there are so many pages/forum posts with often conflicting instructions out there that I am confused about what I need to set up and not. The status so far:

  • Domain set up at duckdns
  • duckdns added as DDNS in External Access section of the Synology Control Panel (and working, status Normal)
  • Found the option under Security/Certificate in the Synology Control Panel to export the certificate (resulting in the three files cert.pem, chain.pem, and privacy.pem)
  • Placed these files in a “cert” folder in the Synology File Station (path /home/HA_certs/)
  • Updated the config.yaml file with:

http:
base_url: https://mydomain.duckdns.org:8123 (mydomain of course replaced by my actual domain name)
ssl_certificate: /home/HA_certs/fullchain.pem
ssl_key: /home/HA_certs/privkey.pem

I have also tried with http instead of https, but eventually adding SmartThings as integration requires https. Port forwarding is set up for 443 and 8123 (external) to 8123 (internal) to the Synology.

With this setup, I cannot even access Home Assistant, but it works fine if I remove the added lines to the config file. Clearly I am getting something wrong, but I cannot figure out what.

Some instructions talk about setting up Let’s Encrypt, but that now seems to be integrated into duckdns? Also posts about reverse proxy for Home Assistant, is that required? Anyone can see what I am doing wrong?

Hi, Smart, I am truly sorry, I only saw the reply from bosborne, but not yours; I just became aware of it! And I am sad to say that despite daily attempts to fix this, I still cannot get it to work. After I saw your reply, I made sure the indentations in the config file are correct, but still no luck.

I currently have the following situation:

  • If I just remove the base_url and ssl lines from the config file, HA loads fine
  • If I add just the base_url line, which is the original complaint when trying to add SmartThings integration, I can access HA by using http://mydomain.duckdns.org:8123, but not https. Then I get one step further in adding SmartThings, but when I add the token, the message now is “SmartThings could not validate the endpoint configured in base_url. Please review the component requirements.”
  • Even if I am a complete idiot about these things, I do believe I understand that the issue is I still have not been able to set up a proper encrypted connection, for some reason or other (confirmed by certificate checkers not being able to access the connection), but I just cannot figure out what is wrong.

The steps I have taken to get this far are:

  • Domain set up at duckdns
  • duckdns added as DDNS in External Access section of the Synology Control Panel (and working, status Normal)
  • Found the option under Security/Certificate in the Synology Control Panel to export the certificate (resulting in the three files cert.pem, chain.pem, and privacy.pem)
  • With these files, I have been experimenting with different locations on the Synology, fearing that the issue has to do with the path. From sample config entries, I see both full paths to home or wherever people put these or just /ssl/filename
  • Updated the config.yaml file, taking care to get the indentations right, with:

http:
  base_url: https://mydomain.duckdns.org:8123  # mydomain of course replaced by my actual domain name
  ssl_certificate: /home/ssl/fullchain.pem
  ssl_key: /home/ssl/privkey.pem

Port forwarding is set up for 443 and 8123 (external) to 8123 (internal) to the Synology.

I am still hoping someone with better understanding of these things could offer some more advice, as I am stuck!

One more thing, when I check the certificate (Synology Control Panel, Security, Certificate), I see that it says “For duckdns.org:8443”, not port 443. This is not possible to change and when I try to port forward 8443 on my Netgear Orbi router, I get the message “The specified port(s) are being used by other configurations. Please check your configurations of USB Readyshare, Remote Management, Port forwarding, Port Triggering, UPnP Port Mapping table, RIP, and Internet connection type”. Could this be an issue?

And if I try to access https://mydomain.duckdns.org:8443, I get this message:

mydomain.org:8443 uses an invalid security certificate. The certificate is only valid for the following names: www.routerlogin.net, routerlogin.net, www.orbilogin.com, orbilogin.net, routerlogin.com, orbilogin.com, www.routerlogin.com, www.orbilogin.net Error code: SSL_ERROR_BAD_CERT_DOMAIN

Is there some confusion for the redirection between Synology and the Orbi router?

And for https://mydomain.duckdns.org:8123, in Firefox I get:

An error occurred during a connection to banha.duckdns.org:8123. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

Have you tried googling your errors? The first hit I get says this error can be produced by Firefox if you try to use a non-standard port for SSL. Which you already said you have found to be the case.
https://support.servertastic.com/knowledgebase/article/error-code-ssl_error_rx_record_too_long

I don’t think you can really get much help from the community because we can’t see your setup. General questions like you are asking are pretty much impossible to solve. It is sort of like calling your doctor and saying “I have a headache, can you tell me why” and not mentioning you had 4 beers last night 🙂

Looks like you are on the right track. Debug one piece at a time. Figure out how to correctly setup SSL on duckdns first then worry about SmartThings and netatmo.

Some questions that might help you.

Are you following these steps?
https://support.servertastic.com/knowledgebase/article/error-code-ssl_error_rx_record_too_long
If so, are you on a hass.io install?
If not, then as @anon34565116 already mentioned, the steps are different for hassbian. The instructions above are for hass.io. On hassbian you need to do things differently (I have not implemented duckdns or SmartThings…I dropped SmartThings and replaced with hassbian). These are the steps you need if using hassbian.
Installing TLS/SSL using Let's Encrypt - Community Guides - Home Assistant Community

Why does your router have port 8123 in use? Perhaps your issue is you already have a device on that port.

Sorry, but there are just too many variables and too many things we don’t know about your config and how you set things up for anyone to solve your issue.

On a side note. How do you like the netatmo wind gauge? I am in the market for a weather station and just discovered netatmo.

Hi smart, thanks for your insights!

It seems clear the problem is setting up the SSL certificate, and the one link you showed mentions problems with having two certificates; I will have to check if perhaps I have both a duckdns and synology certificate set up now.

Port 8123 is forwarding internally to 8123 for Home Assistant, but I was puzzled by the reference to port 8443 in the certificate.

As for Netatmo, the weather station (indoor and outdoor modules) does what it should and has nice displays in the Netatmo app. I have it integrated into HomeKit using Homebridge, but HomeKit does not handle wind sensor signals. Thus, I have it connected to SmartThings, where it works, and is for the purpose of running up a sun screen in cases of heavy wind. However, I use a Hue outdoor sensor for light levels, and that does per now not make it into ST. (You can read more about my setup and experiences with Netatmo on my own smart home page).

OK, somehow I managed to get a significant step further! By playing around with the folder to store the certificate and the path to it, all of a sudden https://mydomain.duckdns.org:8123 works. However, when trying to achieve what was my original intent in setting up the https access, i.e., SmartThings integration, it still doesn’t work. I add the ST token, but then get this message:

SmartThings could not validate the endpoint configured in base_url. Please review the component requirements.

Any idea what could be wrong now?

The problem (still) seems to be with the certificate, which checked by digicert seems almost OK, except it is not trusted. Isn’t the whole point of Letsencrypt that it is a trusted certificate?

OK, should anyone run into the same problem, I am glad to say I found a solution (with the help from knowledgeable people in the Letsencrypt support forum). The problem was (and I don’t know if this is a Synology thing) that when exporting the certificate files (cert, chain, and privkey (all pem files)), the chain file only contains one section and not the actual certificate. So I had to edit that file by pasting the certificate section from the cert file into the chain file and use that as fullchain.pem.

Then it finally worked! However, really to no avail. The Netatmo wind gauge is now exposed to Home Assistant, but only the battery level information. The wind readings do not make it over, just like in HomeKit, so the only place where the wind speed can be obtained from the gauge is in the native Netatmo app and the SmartThings app.

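The fix described in the last post (an exported chain.pem that lacks the server certificate, repaired by putting the cert.pem block in front of it) can be checked and automated. The following is an added example, not code from the thread or from Home Assistant; the function names are hypothetical, the sample blocks are constructed placeholders, and it inspects only the PEM block layout, not signatures or expiry.

```python
import re

# Matches one PEM block; captures the label and the base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return [(label, body)] with all whitespace stripped from each body."""
    return [(lbl, "".join(body.split())) for lbl, body in PEM_BLOCK.findall(text)]

def certs(text):
    """Bodies of the CERTIFICATE blocks only, in file order."""
    return [body for lbl, body in pem_blocks(text) if lbl == "CERTIFICATE"]

def to_pem(body):
    """Re-wrap a base64 body at 64 columns inside CERTIFICATE markers."""
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

def diagnose_fullchain(fullchain_text, cert_text):
    """Return a list of layout problems in a candidate fullchain.pem."""
    leaf, chain, problems = certs(cert_text), certs(fullchain_text), []
    if len(leaf) != 1:
        return ["cert.pem should contain exactly one certificate"]
    if any("PRIVATE KEY" in lbl for lbl, _ in pem_blocks(fullchain_text)):
        problems.append("private key found; it belongs in the ssl_key file")
    if leaf[0] not in chain:
        problems.append("leaf certificate missing")
    elif chain[0] != leaf[0]:
        problems.append("leaf certificate is not the first block")
    elif len(chain) == 1:
        problems.append("no intermediate certificate after the leaf")
    return problems

def build_fullchain(cert_text, chain_text):
    """Leaf first, then every certificate from chain.pem that is not the leaf."""
    leaf = certs(cert_text)
    if len(leaf) != 1:
        raise ValueError("cert.pem should contain exactly one certificate")
    rest = [c for c in certs(chain_text) if c != leaf[0]]
    return "".join(to_pem(c) for c in leaf + rest)

# Constructed placeholders, not real certificates: only the block layout matters.
LEAF = to_pem("TEVBRg==")
INTERMEDIATE = to_pem("SU5U")

if __name__ == "__main__":
    print(diagnose_fullchain(INTERMEDIATE, LEAF))  # exported chain.pem used as-is
    print(diagnose_fullchain(build_fullchain(LEAF, INTERMEDIATE), LEAF))
```

To use it on real files, read cert.pem and chain.pem as text, write the result of build_fullchain to fullchain.pem, and keep privkey.pem as the separate ssl_key file.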