Remote acces switching from duckdns to VPN (Tailgate)

Hello,

because duckdns/letsencrypt is no longer providing me with a stable connection I wanted to try and switch to remote acces via a Tailgate VPN.
Unfortunately I’m a bit in over my head and do not really know what I’m doing.
I’ve set up the VPN connection, but are not able to connect to HA. I’m suspecting the https certificate (used by duckdns/letsencrypt) has something to do with it, but can’t remember how I set this up back in the day.
At this point my main concern is locking myself out, since apperently I have some wrong settings under System/Network and can’t connect locally:

So my question would be: whats the best way to switch without locking myself out?
In what order should I deactivate ports/certificates without locking myself out?

Any help is very much appreciated!

What’s the stability issue with duckdns/letsencrpyt? If you really want remote access to your HA you should either look at using nubacasa or setup a separate server that provides you VPN access to your network. Nabucasa is the easiest way to get remote HA access. It provides you a remote proxie so you don’t need to worry about dynamic DNS to determine your home IP address. Openvpn is probably the best and most widely used capability for getting remote access to your home network. There is an official image that can be used on a pi from openvpn.

Im not sure what the issue with duckdns is, but about half of the time Im not able to connect to HA.

Im aware of the different ways to set up remote acces, but for now my biggest problem is how to get rid of the https certificate without locking myself out. Or just even reset things so that i can acces locally again. Like it would have been after a fresh install.

Is there noone who can help me out with this?

In configuration.yaml, you probably have some lines like this:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

change it to ( comment out)

http:
#  ssl_certificate: /ssl/fullchain.pem
#  ssl_key: /ssl/privkey.pem

then you can access your HA locally again using http

Thank you so much! Now it comes back to me!

I should defintely close the opened port in the router straight away after comenting those lines in the config, right?

And what (if any) should I put in the field “local network” or just leave it at automatic?

indeed.

I put http://ip:8123 there, where IP is the IP-address of the HA server.

I will try when I get Home.
Thanks again!

I use Uptime Kuma to track the availability of HA, and DuckDNS regularly fails (often several times a week).

I moved to a different (free) DNS provider:- https://freedns.afraid.org/

The stability has been rock solid, and using Nginx Proxy Manager, its trivial it up with lets Encrypt to provide an SSL encrypted connection.

By having Nginx setup outside of HA (its on its own VM in proxmox), I can still access HA locally over http.